LABOR Day revellers have been warned to be on the lookout for cybercriminals using the holiday to launch a ransomware attack.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint warning ahead of the long weekend.
3
3
Cybercriminals can strike at any time but a holiday period is particularly attractive for the hackers as it usually takes longer to detect with everyone off enjoying themselves.
“Generally speaking, the threat actors deploy their ransomware when there is less likelihood of people being around to start pulling plugs,” Brett Callow, threat analyst at antivirus company Emsisoft, told Wired.
“The less chance of the attack being detected and interrupted.”
Even if it is detected early it is usually harder to contact those in charge of dealing with the situation as they are also off getting into the party spirit.
“Intuitively, it makes sense that defenders may be less attentive during holidays, in large part because of decrease in staff,” said Katie Nickels, director of intelligence at security firm Red Canary.
“If a major incident occurs during a holiday, it may be more difficult for defenders to bring in necessary personnel to respond quickly.”
Earlier this year meat processing giant JBS was attacked at the start of the Memorial Day weekend while on the Friday before the Fourth of July Kaseya, an IT management software company, was hit.
The Colonial Pipeline attack took place over Mother’s Day weekend – while not a long weekend it was timed to cause the maximum amount of damage.
Most read in The US Sun
The FBI and CISA state they don’t have any “specific threat reporting” that a similar attack will take place over Labor Day weekend.
It is important to keep in mind though ransomware poses a constant threat and many attacks on small businesses don’t make national headlines.
RANSOMWARE ATTACKS ON THE RISE
In 2020, there were 2,473 ransomware incidents reported to the FBI’s Internet Crime Complaints Center, a rise of 20 percent on the previous year.
Over the same period, hacker demands tripled, according to IC3 data.
Not all those attacks were focused on long weekends and holidays although the CISA and FBI acknowledge weekends tend to be popular with crooks.
Callow said that submissions to ID Ransomware—a service created by security researcher Michael Gillespie that lets you upload ransom notes or encrypted files to figure out what exactly hit you—tend to spike on Mondays, when victims have returned to their offices and discovered the attack.
Similarly, attacks against schools drop sharply in late spring and summer, according to Callow, because there’s much less urgency with recovery then.
Many of the larger ransomware gangs, such as DarkSide, Ragnarok, and REvil, have dissolved or gone offline lately.
Anne Neuberger, the deputy national security adviser, said at a press conference Thursday that US intelligence agencies had seen a “reduction” in ransomware recently.
Security researchers though have cautioned against taking their eye off the ball.
“Ransomware groups like Pysa, Lockbit 2.0, Conti, and many others continue to cause significant damage to organizations,” said Nickels.
“Even when one or more dominant families of ransomware goes away, there is usually another right behind it to fill in the gap.”
'BE ON GUARD'
In the same briefing, Neuberger also cautioned organizations to “be on guard” ahead of the long weekend.
It maybe already too late to stop some ransomware attacks planned for this weekend with the best time to put up defenses often weeks before they strike.
Read More on The US Sun
“Most house break-ins occur in the middle of the day, but you don’t only lock your house then,” said Callow.
The FBI and CISA’s recommendations echo best practices for most cybersecurity situations: Don’t click on suspicious links. Make an offline backup of your data. Use strong passwords. Make sure your software is up to date. Use two-factor authentication. If you use Remote Desktop Protocol—a Microsoft product that has historically proven a popular entry point for attackers—proceed with caution.
3
We pay for your stories!
Do you have a story for The US Sun team?
