US govt warns of increased ransomware risks during holidays

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warned critical infrastructure partners and public/private sector organizations not to let down their defenses against ransomware attacks during the holiday season.

The two federal agencies’ warning was issued in the form of a joint advisory published Monday, “based on observations on the timing of high impact ransomware attacks that have occurred previously rather than a reaction to specific threat reporting.”

As previously observed, threat actors have often taken advantage of a decrease in readiness to respond to cybersecurity attacks during weekends and holidays to attempt breaches of critical networks and systems belonging to public and private sector orgs.

The two agencies also provide a list of mitigations, including the need to set up an IT security team ready to react to ransomware attacks even outside regular office hours.

Other best practices outlined in the joint alert include:

  • Implement multi-factor authentication for remote access and administrative accounts
  • Mandate strong passwords and ensure they are not reused across multiple accounts
  • If you use remote desktop protocol (RDP) or other potentially risky services, ensure it is secure and monitored      
  • Remind employees not to click on suspicious links, and conduct exercises to raise awareness
  • Review and, if needed, update incident response and communication plans that list actions an organization will take if impacted by a ransomware incident

“While we are not currently aware of a specific threat, we know that threat actors don’t take holidays,” said CISA Director Jen Easterly. “We urge all organizations to remain vigilant and report any cyber incidents to CISA or FBI.”

“The FBI is dedicated to combatting cyber-crimes targeting the American public and our private sector partners. Cyber criminals have historically viewed holidays as attractive times to strike,” added FBI Cyber Assistant Director Bryan Vorndran. 

Today’s warning follows a very similar one issued at the end of August, ahead of the Labor Day weekend, after noticing that highly impactful ransomware attacks commonly hit US organizations when offices are typically closed.

“CISA offers a range of no-cost cyber hygiene services—including vulnerability scanning and ransomware readiness assessments—to help critical infrastructure organizations assess, identify, and reduce their exposure to cyber threats,” the agencies added at the time.

“By taking advantage of these services, organizations of any size will receive recommendations on ways to reduce their risk and mitigate attack vectors.”

Last month, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) had also revealed the scale of financial losses suffered by ransomware targets in the previous few years by linking almost $5.2 billion in outgoing BTC transactions to paid ransoms.

FinCEN’s report came on the heels of governments worldwide saying in mid-October that they will crackdown on cryptocurrency payment channels used by ransomware gangs.

Source: www.bleepingcomputer.com