FBI and CISA Warn Ransomware Attacks More Prevalent on Holidays -- Redmondmag.com

FBI and CISA Warn Ransomware Attacks More Prevalent on Holidays

By Kurt Mackie
09/03/2021

Organizations could be more subject to ransomware attacks on weekends and holidays, according to an alert issued this week by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA).

The agencies anecdotally cited examples this year of DarkSide ransomware attacks on Mother's Day weekend, as well Sodinokibi/REvil ransomware attacks on Memorial Day and the Fourth of July holidays. They indicated that they didn't have information indicating that this Labor Day holiday weekend was getting targeted, though.

In general, ransomware complaints to the FBI's Internet Crime Complaint Center (IC3) were up 62 percent, year over year.

"From January to July 31, 2021, the IC3 has received 2,084 ransomware complaints with over $16.8M in losses, a 62 percent increase in reporting and 20 percent increase in reported losses compared to the same time frame in 2020," the alert stated.

The ransomware most frequently reported to the FBI in the last month included Conti, PYSA, LockBit, RansomEXX/Defray777, Zeppelin, and Crisis/Dharma/Phobos.

Initial access attempts of ransomware attackers typically starts via phishing attempts and "brute forcing unsecured remote desktop protocol (RDP) endpoints." The agencies advised using virtual desktop infrastructure for remote access, rather than RDP, which was described as a "potentially risky" service.

The alert recommended that organizations conduct proactive threat hunting to find attacker activity. Organizations should understand their network's baseline activity to detect abnormal activities that could indicate compromise.

Specifically to address ransomware attacks, the agencies recommended maintaining offline and encrypted backups, "as many ransomware variants attempt to find and delete or encrypt accessible backups."

The alert is packed with best-practices recommendations and helpful links. CISA also offers "Cyber Hygiene Services" to organizations that will check for network vulnerabilities. Its vulnerability scanning, Web app scanning, phishing assessment and remote penetration testing services are offered for free to "federal, state, local, tribal and territorial governments, as well as public and private sector critical infrastructure organizations."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Multi-Tenant Organization Hooks Released for Microsoft 365

Microsoft Entra ID's new multi-tenant organization capabilities have reached general availability (GA).
Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.