Iran-backed hackers are targeting U.S. with ransomware. Here’s how companies can protect themselves

November 17, 2021, 7:36 PM UTC

U.S. officials are urging companies to back up their data, update software, and disable hyperlinks in employee emails to protect themselves against Iranian hackers who are targeting firms and critical infrastructure with ransomware. 

The cybersecurity tips were part of a warning about Iran-backed hackers issued on Wednesday by the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, the Australian Cyber Security Centre, and the U.K.’s National Cyber Security Centre.

The coalition said that hackers associated with Iran’s government have been trying to exploit vulnerabilities in Microsoft’s Exchange email server product and certain products sold by networking and security firm Fortinet. After exploiting the software flaws, the hackers then carry out “follow-on operations” involving ransomware, extortion, and data theft to further compromise their victims, which have included U.S. transportation and healthcare firms and unspecified Australian organizations.

Some of the recent attacks identified include a June 2021 attack in which the Iranian hackers were able to compromise a U.S. children’s hospital. 

Earlier this week, Microsoft released research indicating a rise in activity from malicious actors based in Iran that are “increasingly utilizing ransomware to either collect funds or disrupt their targets.” That the hacking groups are believed to be linked to Iran’s government is significant considering most ransomware groups are criminal syndicates.

The coalition said that companies using Microsoft Exchange email servers and Fortinet products should inspect their products and corporate networks for signs that they have been compromised. For instance, IT managers could review their corporate network’s antivirus logs to discover if they were unexpectedly turned off.

Companies also should back up all corporate data and create password-protected copies that are maintained offline. They should also audit employee accounts that have administrator privileges and require that all user accounts log in with strong, unique passwords.

Organizations should also consider adding an “email banner” that indicates whether an email sent to an employee came from a third party, which could be a sign of a phishing attack.
