FBI and CISA Warn Ransomware Attacks More Prevalent on Holidays

Organizations could be more subject to ransomware attacks on weekends and holidays, according to an alert issued this week by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA). 

The agencies anecdotally cited examples this year of DarkSide ransomware attacks on Mother's Day weekend, as well as Sodinokibi/REvil ransomware attacks on Memorial Day and the Fourth of July holidays. They said, though, that they had no information indicating that this Labor Day holiday weekend was being targeted.

In general, ransomware complaints to the FBI's Internet Crime Complaint Center (IC3) were up 62 percent, year over year.

"From January to July 31, 2021, the IC3 has received 2,084 ransomware complaints with over $16.8M in losses, a 62 percent increase in reporting and 20 percent increase in reported losses compared to the same time frame in 2020," the alert stated.

The ransomware most frequently reported to the FBI in the last month included Conti, PYSA, LockBit, RansomEXX/Defray777, Zeppelin, and Crysis/Dharma/Phobos.

Ransomware attackers typically attempt initial access via phishing and by "brute forcing unsecured remote desktop protocol (RDP) endpoints." The agencies advised using virtual desktop infrastructure for remote access, rather than RDP, which was described as a "potentially risky" service.

The alert recommended that organizations conduct proactive threat hunting to find attacker activity. Organizations should understand their network's baseline activity to detect abnormal activities that could indicate compromise.

Specifically to address ransomware attacks, the agencies recommended maintaining offline and encrypted backups, "as many ransomware variants attempt to find and delete or encrypt accessible backups."

The alert is packed with best-practices recommendations and helpful links. CISA also offers organizations "Cyber Hygiene Services" that check for network vulnerabilities. Its vulnerability scanning, Web app scanning, phishing assessment and remote penetration testing services are offered for free to "federal, state, local, tribal and territorial governments, as well as public and private sector critical infrastructure organizations."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

