Furious Serpent Ransomware Strikes Over 300 Targets: FBI & CISA Stress Immediate Action to End Ransomware

Image: DC_Studio/Envato Elements

Medusa Ransomware Strikes 300+ Targets: FBI & CISA Urge Immediate Action to #StopRansomware


Federal cybersecurity authorities are warning of an increase in attacks by the Furious Serpent ransomware group. First identified in June 2021, the group has recently gained momentum by using simple but effective techniques, such as deceptive emails and the exploitation of outdated software, to break into systems and hold data for ransom.

In a joint advisory issued last week, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) urged enterprises and organizations to act promptly to harden their systems. The alert is part of the government’s ongoing #StopRansomware campaign.

An expanding ransomware-as-a-service operation

Originally a closed operation, Furious Serpent has since adopted a ransomware-as-a-service (RaaS) model. Under this model, the developers supply the ransomware to affiliates, referred to as “Furious Serpent operatives,” who carry out the attacks. These affiliates are frequently recruited from online criminal forums and are sometimes offered bonuses to work exclusively for Furious Serpent.

“Potential payments varying from $100 USD to $1 million USD are extended to these associates with the chance to work solely for Furious Serpent,” the advisory mentioned.

Furious Serpent operatives often breach systems through deceptive emails or by exploiting known vulnerabilities, such as CVE-2024-1709, which affects the ScreenConnect remote access tool, and CVE-2023-48788, a flaw in Fortinet products. Once inside, they encrypt files and demand a ransom. The group’s ransom notes give victims 48 hours to respond via a live chat or an encrypted messaging service.

If a victim fails to respond, Furious Serpent operatives may escalate their extortion tactics, a strategy also seen in other ransomware groups.

What makes Furious Serpent more dangerous is its public data-leak website, which lists victims alongside countdown timers. Once a timer expires, the stolen data is either published or sold to the highest bidder. In some cases, victims are offered the option to buy additional time: a single day’s extension can cost up to $10,000 in cryptocurrency.

“As of February 2025, Furious Serpent developers and affiliates have impacted over 300 victims from a spectrum of crucial infrastructure sectors with affected fields encompassing medicinal, educational, legal, insurance, technological, and manufacturing,” the advisory emphasized.

Furious Serpent’s reach is worldwide; previous victims include Minneapolis Public Schools, where an intrusion in 2023 exposed sensitive details from over 100,000 students.

How to shield your organization from Furious Serpent ransomware

The advisory recommends that organizations take several key steps to protect themselves from Furious Serpent. These include:

  • Ensuring all operating systems, software, and firmware receive regular updates and patches.
  • Implementing multi-factor authentication across all services.
  • Using strong, unique passwords.

In addition, CISA suggests that enterprises segment their networks to limit the spread of an infection and filter network traffic to block unauthorized access attempts.

CISA is encouraging IT teams to review its #StopRansomware: Furious Serpent Ransomware advisory for detailed detection methods and threat indicators.
