
As ransomware surges, enable 2FA now, FBI says.
Cyber extortion, or ransomware if you prefer the less literal term for this particular type of cyber attack, is rising like a malicious phoenix from the flames of government regulation and law enforcement action. There is, however, a relatively simple mitigation technique that can help prevent you from becoming the next victim of these attackers, and the FBI has urged that you implement it right away.
The Rising Ransomware Threat Puts FBI Warnings Back Into The Spotlight
I have reported how the total amount of crypto being demanded by ransomware attackers has been on the decline of late, but that doesn’t mean the number of attacks is following the same downward trend. In fact, it would appear that quite the opposite is true. According to an April 15 report into the state of ransomware as we enter quarter two of 2025, by threat intelligence analysts at ReliaQuest, the surge in ransomware attacks is nothing short of incredible.
While a new record was set in December 2024 for the number of organizations listed as victims on ransomware threat group data-leak sites, the ReliaQuest threat research team said that those numbers were blown away in February. “Clop alone was responsible for 35% of all victims named on data-leak sites that month,” the report said, with FunkSec and Medusa also adding to the totals.
FunkSec added 152 victims to those lists this quarter, compared to just 82 in the last quarter of 2024. That makes it the fourth most active ransomware group in 2025 so far. Clop, though, heads the list with 389 victims, up from 26. That, dear reader, is a 1,400% increase.
And who can forget Medusa? Certainly not me, or the FBI for that matter. The ransomware-as-a-service cybercriminal activity jumped by 35%, likely driven by “the void left by disrupted ransomware gangs in late 2024,” ReliaQuest said. Indeed, advice given by the FBI in previous warnings regarding the Medusa threat holds the key to mitigating most ransomware threats.
The FBI Has The Answers To Mitigate Cyber Extortion Attacks
A joint cybersecurity advisory between the FBI and the U.S. Cybersecurity and Infrastructure Security Agency provided the following mitigation advice, which should be used as a rule of thumb when it comes to all ransomware attacks. The first of these falls neatly into the “why haven’t you already done this” category, considering it is so effective yet so simple.
- Require two-factor authentication for all services where possible, but in particular for webmail such as Gmail, Outlook and others, along with virtual private networks and any accounts that can access critical systems.
- Require all accounts with password logins to use long passwords and consider not requiring frequently recurring password changes, as these can weaken security.
- Retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location.
- Keep all operating systems, software, and firmware up to date. Prioritize patching known exploited vulnerabilities in internet-facing systems.
- Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a networking monitoring tool.
- Monitor for unauthorized scanning and access attempts.
- Filter network traffic by preventing unknown or untrusted origins from accessing remote services on internal systems.
- Audit user accounts with administrative privileges and configure access controls according to the principle of least privilege.
- Disable command-line and scripting activities and permissions.
- Disable unused ports.
Although I don’t always agree with the advice that three-letter agencies provide when it comes to matters of cybersecurity, on this occasion, the FBI has nailed it. You would be well advised to take note and act now given the ransomware resurgence.