Office workers aren’t the only ones who look forward to long weekends. Based on recent ransomware activity, hackers also love holidays that lead to lengthy breaks for the 9-to-5 crowd – because it’s the perfect time to launch ransomware attacks.
In an August 2021 alert titled “Ransomware Awareness for Holidays and Weekends,” the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warned that cybercriminals had demonstrated a pattern of striking during holiday weekends. While businesses should maintain optimal security at all times, it’s vital to be vigilant in the lead-up to long weekends.
With Thanksgiving on the horizon, here’s what you should know about holiday ransomware attacks and the best ways to stop malicious software from striking your business while your team is enjoying their time off.
Why Hackers Attack on Holidays
On long weekends, many people try their best to forget about work and focus on relaxing. That includes IT teams. Subsequently, cybercriminals’ plots often involve striking during these times when the victim’s guard is down.
The FBI and CISA alert states that hackers “may view holidays and weekends—especially holiday weekends—as attractive timeframes in which to target potential victims, including small and large businesses. In some cases, this tactic provides a head start for malicious actors conducting network exploitation and follow-on propagation of ransomware, as network defenders and IT support of victim organizations are at limited capacity for an extended time.”
There are plenty of recent examples of this type of criminal behavior, according to the Wired article “Why Ransomware Hackers Love a Holiday Weekend.” For instance, the Kaseya ransomware attack happened on the Friday before the Fourth of July, and the JBS incident occurred the Friday prior to Memorial Day weekend.
When your team is out of the office, it can take a lot longer to notice malicious software sneaking past your defenses, according to Wired. Additionally, with much of your incident response team likely in vacation mode, your response probably won’t be as swift when you realize what’s happening.
How to Stop Ransomware From Ruining Your Long Weekends
No one wants to have to abandon Thanksgiving dinner to deal with a cybersecurity crisis. Additionally, getting hit by ransomware can come at an astronomically high cost for your business when you consider factors such as downtime, lost productivity, regulatory penalties, and reputation damage. Funds sent to attackers account for only $790,000 of the $5.66 million average total cost of ransomware, according to The 2021 Cost of Phishing Study from the Ponemon Institute and Proofpoint. Learn more about the financial fallout of ransomware in this blog entry by our CISO – “The True Cost and Impact of Ransomware: How an Attack Can Haunt Your Business for Years.”
Fortunately, you can take steps to lower your ransomware risk level and ensure the damage is minimal if bad actors evade your defensive measures. Here are some tips from the FBI and CISA alert and our security team on preparing for the threat of holiday cyberattacks.
- Engage in proactive threat hunting.
- Review your data logs for suspicious activity.
- Implement cybersecurity solutions such as extended detection and response (XDR) and Security Operations Center as a Service (SOCaaS)
- Routinely administer employee security awareness training.
- Teach your team to utilize strong passwords and recognize phishing emails. Tell them not to click on links or attachments associated with suspicious messages.
- Deploy multi-factor authentication (MFA) or two-factor authentication (2FA) for every service and solution possible.
- This also has the bonus of meeting the current requirements of many cyber liability insurance providers.
- Implement zero-trust network architecture with secure access service edge (SASE).
- This has become the standard for secure access in today’s world of hybrid work.
- Create and maintain offline encrypted backups of your data. Remember to test them routinely.
- Update and patch all operating systems and applications regularly.
- Maintain a cybersecurity incident response plan so everyone knows what to do if cybercriminals breach your network.
Don’t let hackers ruin your holiday. Review your cybersecurity strategy and ensure you’re ready to combat ransomware before your team logs off for a long weekend.
If you have any questions about how to stop ransomware, our team can assist you. We have experience delivering comprehensive cybersecurity solutions and services to businesses of all sizes and can help you craft an effective security strategy for your organization. For details, give us a call at 877-599-3999 or email sales@stratospherenetworks.com.