Groove Ransomware Gang Urgent Panel Discussion

Cybercriminals operating under the name of the Groove Ransomware Gang released a statement (in Russian) in October that said that they would increase attacks on public sector organizations.

The note they posted also called on other ransomware gangs to join them in this effort. There was much discussion about this, and a few days later, a spokesperson for the gang said that it was all a joke to troll western law enforcement and the public sector. Whatever! Who trusts what these terrorists say one way or the other?

We have had some questions about what to do in light of the Groove Ransomware Gang's announcements and retractions. Last week we got an expert team to discuss the events, their meaning, and what public sector organizations should do. You can watch the 1-hour discussion below.

Key Takeaways from the Discussion

You should carve out an hour of your time to watch the video to get the full picture and all the excellent advice, but here are the key takeaways from the panel discussion.

• Law enforcement action against the ransomware gangs is having an effect.

• The gangs are feeling the pressure and are trying to hit back.

• We can trust nothing they say.

• The "Groove Ransomware Gang" notice calling for attacks against the public sector doesn't change the threat level, which remains high.

• The subsequent statement by the gang that it was trolling is irrelevant.

• Other malicious actors outside Russia and Eastern Europe may use this as cover to attack public sector assets and blame the attacks on the Groove gang.

• It could be a diversion to allow for attacks on private sector businesses while the focus is elsewhere.

• Public sector organizations should take note of the CISO list of 300 vulnerabilities everyone should patch. Attackers can chain many of these vulnerabilities to get elevated access even if individual ones have a low Common Vulnerability Scoring System rating.

• Organizations should continue with their cybersecurity defense planning.

• If possible, do disaster planning playbook sessions frequently so that everyone knows what to do in the event of an attack — at least annually, but preferably more often.

• We haven't seen any uptick in activity in our security operations center to suggest that the Groove gang, or any other cybercriminals, have increased the attacks on the public sector.

Resources:

• What is Ransomware?
• How do you Remove Ransomware?
• How do you Detect Ransomware?
• How do you Prevent Ransomware?
• How do you Protect your Network from Ransomware?
• What does Ransomware do to an Endpoint Device?

Critical Insight Can Defend Your Network

Critical Insight can help you secure your organization's IT systems using the latest best practices, tools, and techniques. Our security analysts focus on the threat landscape across healthcare, the public sector, critical infrastructure, and industry. These security experts, combined with the 24x7 MDR monitoring teams in our security operations center, can deliver the cybersecurity expertise an organization needs to deal with threats. Contact us to find out how we can work together via the form below.