Blog
The Upcoming U.S. Labor Day Weekend is a Reminder to Avoid Repeating History
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) announced this week that they have observed an “increase in highly impactful ransomware attacks occurring on holidays and weekends.”
The REvil ransomware gang knocked JBS Foods’ operations offline over the U.S. Memorial Day weekend. REvil struck again over the U.S. Fourth of July holiday weekend, launching a ransomware attack targeting Kaseya, which had a cascading effect on Kaseya’s managed service provider customers and their clients.
It’s not coincidental that these attacks transpired over holiday weekends. Attackers know that it’s difficult for security teams to quickly respond to an incident when away from work, giving them more time to move laterally and lock up or steal data. As Americans and Canadians prepare to break for an extended Labor Day weekend that also coincides with the Rosh Hashanah holiday, we must anticipate that attackers will capitalize on this moment in time.
Preventing Ransomware Before the Long Weekend
There are preventative steps IT security teams should take in the days leading up to holiday and non-holiday weekends. This is not a replacement for a robust ransomware protection strategy but rather a security checklist to complete before the close of business.
- Establish an after hours coverage plan – Knowing that attackers are likely to strike over the weekend, it’s important to ensure that someone is monitoring for malicious activity and can respond promptly.
- Backup everything, test everything – Before shutting down devices for the weekend, security teams should backup all data and supporting IT infrastructure. Once completed, teams should test the backups to ensure they can handle an attack. Organizations can restore operations faster when data is frequently backed up and isolated from production environments.
- Patch and update – Attackers manipulate known vulnerabilities to gain a foothold in the network. Organizations that frequently patch and upgrade software and devices make it more difficult for attackers to breakthrough, which can be enough of a deterrent for them to move on.
- Remind staff of their security awareness training – Phishing is one of the most common tactics attackers use to conduct a ransomware attack. Phishing attacks prey on emotions, hoping to catch end users when their guard is down—such as over the weekend. Security teams can send a quick refresher around to all staff to remind them of their role in defending the organization from cyberattacks.
The FBI’s Internet Crime Complaint Center (IC3) received 2,084 ransomware complaints with over $16.8M in losses between January 1 and July 31, 2021—a 62% increase from the same timeframe in 2020. As the ransomware threat continues to increase in sophistication and prevalence, it’s critical that organizations implement a well-planned ransomware defense strategy.
In June, the (ISC)² blog dedicated a whole week to ransomware awareness, called #RansomwareWeek, which included several blogs on developing and improving ransomware defense strategies. More information on ransomware defense and mitigation is available here .