These belonged to several critical sectors including manufacturing, financial services, energy, IT, government, and others.
The IOCs in the alert has information such as Bitcoin addresses to collect the ransom and email addresses of operators.
More details about the attack
The ransomware operators terminate remote management software such as ConnectWise and Kaseya to evade detection and ensure logged-in admins do not interfere with the deployment process.
The FBI has asked security professionals to share any related information, such as copies of the ransom notes, malicious activity timelines, ransom demands, payload samples, and other IOCs with the local FBI Cyber Squad. This may help identify the attackers behind this ransomware group.