By now, most organizations are well aware that cybercriminals and nation-state hackers up their game over the holidays rather than take a break. That trend spiked this year as ransomware gangs waged attacks over Mother's Day, Memorial Day, and Independence Day US holiday weekends.
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI today issued a security advisory for US government and private sector organizations about the risk of ransomware and other attacks over the upcoming Labor Day weekend. The agencies said the alert is based on the pattern of previous holiday-weekend ransomware campaigns and is not in response to any specific intelligence on an upcoming threat.
The CISA-FBI advisory recommends key defenses for mitigating risk by ransomware and other threats, including threat hunting for signs of attackers, updating software, segmenting networks, offline backups of data, scanning for vulnerabilities, employing strong passwords and multifactor authentication for remote access and administrative accounts — and not paying ransom fees to the attackers.
"The FBI and CISA encourage all entities to examine their current cybersecurity posture and implement the recommended best practices and mitigations to manage the risk posed by all cyber threats, including ransomware," the advisory said.
The agencies also recommend an incident response plan that includes response and notification procedures for a ransomware attack, and contingency plans if critical systems are taken offline.
Adam Kujawa, director of Malwarebytes Lab, says the risk of attacks this coming weekend is real. "I think based on the immense amount of attacks coming during holidays this year, we should be concerned that something might happen," he says. "At the end of the day, though — holiday or not— attackers are focused on the opportunity as a sign to go after a particular organization, such as a vulnerability or misconfiguration or something like that."
Being closed for the holiday can exacerbate an attack if systems are left up and accessible but no one is working over the holiday to monitor them, explains Kujawa,
Malwarebytes recommends shutting down nonessential systems at the start of the holiday weekend, as well as disabling any systems or processes that aren't needed. "Ensure there is always someone watching the network during the holiday, and make sure they are equipped to handle a sudden attack situation," the company said in a new blog post, "How to stay secure from ransomware attacks this Labor Day weekend."
Schools Lose $6.62B to Ransomware
No industry sector is immune to ransomware. New data released today from Comparitech shows that in 2020, ransomware attacks cost US schools and colleges $6.62 billion — and the research firm believes that's a conservative number since many of the details of these attacks go unreported. Ransomware attackers received more than $1,909,058 in ransom payments, and waged some 77 different ransomware attacks on schools and colleges. The number of those attacks actually represents a 20% drop from 2019, but some 40% more schools were hit (1,740).
Ransom ranged from $10,000 to more than $1 million, and schools lost an average of seven days to downtime. The state of Texas tallied the most school ransomware attacks in 2020, with 13%, followed by California, with 9%, according to the new data.
Meanwhile, the Independence Day weekend still haunts more than 1,000 businesses that were hit with REvil ransomware in a massive supply chain attack targeting managed service providers (MSPs) who use the Kaseya Virtual System Administrator (VSA) software. The attackers rigged the VSA auto-update to drop REvil on unsuspecting MSPs.
CISA and the FBI in their advisory today offered specific steps to take if an organization does get infected with ransomware, including:
• Isolate the infected system and disconnect it from all networks, including wireless, and place in a central location and flag them.
• Power off other computers and devices
• Secure backups so backup data is offline; scan them for malware.
"Ransomware continues to be a national security threat and a critical challenge, but it is not insurmountable," Eric Goldstein, executive assistant director for cybersecurity at CISA said in a statement released with the advisory. "With our FBI partners, we continue to collaborate daily to ensure we provide timely, useful and actionable advisories that help industry and government partners of all sizes adopt defensible network strategies and strengthen their resilience. All organizations must continue to be vigilant against this ongoing threat."