Watch Out for Ransomware Attacks During Holidays, FBI and CISA Warn
Americans Are Ready for Vacation, but Cybercriminals Might Have Different Plans.
“‘Tis the season to be jolly” and more careful than ever. As Thanksgiving is rapidly approaching and Americans get ready to celebrate it with their families and leave work aside, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) remind critical infrastructure partners that malicious actors will probably be “at work”.
The joint advisory issued on Monday states:
“Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure.”
Weekends and Holidays Appealing for Ransomware Gangs
Even though neither CISA nor the FBI has detected any specific threats as of yet, recent trends in 2021 show hackers launching significant and destructive ransomware attacks during weekends and holidays, including Mother’s Day and Independence Day weekends.
CISA and the FBI strongly advise all organizations, particularly critical infrastructure partners, to evaluate their existing security strategy and apply best practices and mitigations to minimize the impact posed by cyber-attacks.
They urge individuals and entities to take the following steps in order to protect themselves from becoming the next victim:
- Identify IT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack.
- Implement multi-factor authentication for remote access and administrative accounts.
- Mandate strong passwords and ensure they are not reused across multiple accounts.
- If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored.
- Remind employees not to click on suspicious links, and conduct exercises to raise awareness.
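One way to apply the RDP monitoring recommendation to the weekend and holiday pattern described above, as an added example that is not from the advisory or from this article's author: the Python below flags successful RDP logons (Windows Security event 4624, logon type 10) that fall on a weekend or on one of the holidays the article names. The CSV export layout, the sample events and the function names are assumptions, and timestamps are assumed to be in local time.

```python
from datetime import date, datetime, timedelta

def nth_weekday(year, month, weekday, n):
    """Date of the n-th given weekday (Mon=0 .. Sun=6) in a month."""
    first = date(year, month, 1)
    return first + timedelta(days=(weekday - first.weekday()) % 7 + 7 * (n - 1))

def holidays(year):
    """Holidays named in the article; extend with your own calendar."""
    return {
        nth_weekday(year, 5, 6, 2): "Mother's Day",    # second Sunday in May
        date(year, 7, 4): "Independence Day",
        nth_weekday(year, 9, 0, 1): "Labor Day",       # first Monday in September
        nth_weekday(year, 11, 3, 4): "Thanksgiving",   # fourth Thursday in November
    }

def off_hours_reason(ts):
    """Return the holiday name or 'weekend' for a timestamp, else None."""
    day = ts.date()
    name = holidays(day.year).get(day)
    if name:
        return name
    return "weekend" if day.weekday() >= 5 else None

# Constructed sample (not real data). Assumed export layout:
# time,event_id,logon_type,account,source_ip
# Event 4624 = successful logon; logon type 10 = RemoteInteractive (RDP).
SAMPLE = """\
2021-11-24T09:12:03,4624,10,jsmith,10.0.5.21
2021-11-25T03:41:17,4624,10,svc_backup,203.0.113.45
2021-11-26T14:02:55,4624,3,jsmith,10.0.5.21
2021-11-27T23:58:40,4624,10,administrator,198.51.100.7
2021-11-29T08:30:00,4625,10,jsmith,10.0.5.21
"""

def flag_rdp_logons(csv_text):
    """List successful RDP logons that happened on a weekend or holiday."""
    hits = []
    for line in csv_text.strip().splitlines():
        ts, event_id, logon_type, user, src = line.split(",")
        if event_id != "4624" or logon_type != "10":
            continue  # keep only successful RemoteInteractive logons
        reason = off_hours_reason(datetime.fromisoformat(ts))
        if reason:
            hits.append((ts, user, src, reason))
    return hits

if __name__ == "__main__":
    for hit in flag_rdp_logons(SAMPLE):
        print(*hit, sep="  ")
```

Each hit is a starting point for review by whoever is on call for the weekend or holiday, not proof of compromise.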
“While we are not currently aware of a specific threat, we know that threat actors don’t take holidays. We urge all organizations to remain vigilant and report any cyber incidents to CISA or FBI.”
FBI Cyber Assistant Director Bryan Vorndran stated that the bureau is committed to fighting cyberattacks that threaten the American public and their private sector partners. He also noted that previously, malicious hackers viewed holidays as perfect occasions to launch attacks.
The #FBI and @CISAgov previously noted an increase in ransomware attacks on holidays and weekends. Although we currently don’t have any reports that indicate a #Thanksgiving attack, we urge the public to stay vigilant this holiday weekend. #StopRansomware https://t.co/mYh0ccY52S pic.twitter.com/KajdxUKrjg
— FBI (@FBI) November 22, 2021
The most recent warning comes after a similar one published in August 2021, before the Labor Day weekend, when it was observed that ransomware attacks frequently hit US entities when offices were typically closed.
CISA offers a range of no-cost cyber hygiene services—including vulnerability scanning and ransomware readiness assessments—to help critical infrastructure organizations assess, identify, and reduce their exposure to cyber threats.
By taking advantage of these services, organizations of any size will receive recommendations on ways to reduce their risk and mitigate attack vectors.
$5.2 Billion Worth of Bitcoin Transactions Related to Ransomware
Based on blockchain analysis of transactions linked to the 177 convertible virtual currency (CVC) wallets, the Financial Crimes Enforcement Network (FinCEN) identified nearly $5.2 billion in outbound BTC transactions related to ransomware payments.
FinCEN associated these transactions with $590 million in reported transactions and 635 suspicious activity reports (SARs) submitted by financial institutions between January 2021 and June 2021.
How Can Heimdal Help?
In the fight against ransomware, Heimdal™ Security offers its customers an outstanding integrated cybersecurity suite that includes the Ransomware Encryption Protection module, which is universally compatible with any antivirus solution and is 100% signature-free, ensuring superior detection and remediation of any type of ransomware, whether fileless or file-based (including the most recent ones like LockFile).