The FBI and CISA warn organizations to keep high their defenses against ransomware attacks during weekends or holidays.
The government agencies have observed an increase in ransomware attacks occurring on holidays and weekends, the choice of these period is motivated by the lower level of defense due to the reduced presence of the personnel.
“Today, the Federal Bureau of Investigation (FBI) and CISA released a Joint Cybersecurity Advisory (CSA) to urge organizations to ensure they protect themselves against ransomware attacks during holidays and weekends—when offices are normally closed.” reads the advisory published by CISA. “Although FBI and CISA do not currently have any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday, malicious cyber actors have launched serious ransomware attacks during other holidays and weekends in 2021.”
The agencies shared a few examples of attacks orchestrated by ransomware gangs ahead of holidays and weekends:
Most of the attacks leverage phishing and brute-forcing unsecured remote desktop protocol (RDP) endpoints and initial attack vectors to compromise the networks of the organizations and deploy the ransomware.
The FBI and CISA recommend organizations conduct threat hunting on their networks aimed at searching for any signs of threat actor activity to prevent attacks before they occur or to minimize the impact of successful attacks.
“Threat actors can be present on a victim network long before they lock down a system, alerting the victim to the ransomware attack. Threat actors often search through a network to find and compromise the most critical or lucrative targets. Many will exfiltrate large amounts of data. Threat hunting encompasses the following elements of understanding the IT environment by developing a baseline through a behavior-based analytics approach, evaluating data logs, and installing automated alerting systems.” reads the joint alert.
Experts suggest focusing on:
Some Indicators of suspicious activity that organizations should look for include:
CISA pointed out that it provides a range cyber hygiene services for free, such as vulnerability scanning and ransomware readiness assessments to help organizations determine their surface of attack and reduce it..
Both agencies also encourage victims of ransomware attacks to share forensic artifacts as part of their incident report, including:
The Joint report provides the following recommendations to the organizations:
(SecurityAffairs – hacking, ransomware)