SecureWorld News

CISA Warning: Ransomware Operators Target Holidays

Written by SecureWorld News Team | Tue | Aug 31, 2021 | 9:36 PM Z

Much in the same way a burglar might case your house, ransomware gangs and cybercriminals monitor your systems, learning about your organization's activities and network.

Then they take advantage of holidays as an easy opportunity to launch a cyberattack.

The timing is intentional: many IT and cybersecurity team members are out of the office, so alerts take longer to investigate and response is slower.

What better time to hit your organization with a ransomware attack than when most of your cybersecurity crew just took off on a long weekend?

Attackers are using this technique so often that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is now warning organizations and cybersecurity professionals to be on alert over the holiday weekend.

Cyberattacks on holidays: the 2021 list

As examples of holiday-timed cyberattacks, CISA cited three specific cases that took place on holidays this year:

  • "In May 2021, leading into Mother's Day weekend, malicious cyber actors deployed DarkSide ransomware against the IT network of a U.S.-based critical infrastructure entity in the Energy Sector, resulting in a week-long suspension of operations. After DarkSide actors gained access to the victim's network, they deployed ransomware to encrypt victim data and—as a secondary form of extortion—exfiltrated the data before threatening to publish it to further pressure victims into paying the ransom demand."
  • "In May 2021, over the Memorial Day weekend, a critical infrastructure entity in the Food and Agricultural Sector suffered a Sodinokibi/REvil ransomware attack affecting U.S. and Australian meat production facilities, resulting in a complete production stoppage."
  • "In July 2021, during the Fourth of July holiday weekend, Sodinokibi/REvil ransomware actors attacked a U.S.-based critical infrastructure entity in the IT Sector and implementations of their remote monitoring and management tool, affecting hundreds of organizations—including multiple managed service providers and their customers."

Reading between the lines, these are the Colonial Pipeline, JBS Foods, and Kaseya cyber incidents.

Ransomware attacks: 'everything shut down'

This year alone, ransomware attacks have extorted more than $42 million, according to Ransomwhere, a crowdsourced ransom payment tracker. 

A ransomware payment is costly, and so are the potential downtime, the incident response, and the stress on your team.

Cyber attorney Shawn Tuma of Spencer Fane, who recently spoke on the ransomware attack lifecycle at a SecureWorld conference, explains it like this:

"Ransomware is literally the kind of thing where you can go to bed the night before, lay your head down on your pillow, have your organization doing great, then you wake up in the morning to have everything shut down and your whole world changed. That's a huge impact.

And it's not just a technical aspect of going through that incident response. But there's also an emotional side and how you hold it together and keep your team together."

CISA has made an aggressive push to bring awareness to ransomware attacks with its new Stop Ransomware campaign.

Is your organization armed with a solid holiday ransomware defense plan? For more about holiday-timed attacks, read The Holiday Hacker Case Study.
