CISA Warns of Rise in Ransomware Attacks During Holidays and Long Weekends

Ransomware attacks, like all cyberattacks, can happen at any time, which is why it is critical to always be on high alert while at work. However, there are times where companies may be more vulnerable than usual. As such, CISA (Cybersecurity and Infrastructure Security Administration) is warning holidays and long weekends may be prime time for bad actors to strike.

What Is Ransomware?

First, it helps to know exactly what you’re up against. Ransomware is a type of cyberattack in which bad actors take over a network and lock out the owners. From here, the bad actors demand a ransom in exchange for the “keys” back to the network, hence, “ransomware.” Rather than simply steal data or install malicious software quietly, ransomware attackers want you to know they’re here, so they can get as much money from you as possible.

While these types of attacks can happen at any time—and they do—CISA is warning that holidays and long weekends may be a particularly perilous time to watch out for ransomware attacks.

Are Ransomware Attacks Common During Holidays and Long Weekends?

CISA doesn’t come out with specific threats they’ve identified around holidays and long weekends. Rather, they’ve noticed trends in the past with an uptick in ransomware attacks during these times. In this alert, they identity three attacks that occurred during long weekends and holidays:

• In May 2021, leading into Mother’s Day weekend, malicious cyber actors deployed DarkSide ransomware against the IT network of a U.S.-based critical infrastructure entity in the Energy Sector, resulting in a week-long suspension of operations. After DarkSide actors gained access to the victim’s network, they deployed ransomware to encrypt victim data and—as a secondary form of extortion—exfiltrated the data before threatening to publish it to further pressure victims into paying the ransom demand.
• In May 2021, over the Memorial Day weekend, a critical infrastructure entity in the Food and Agricultural Sector suffered a Sodinokibi/REvil ransomware attack affecting U.S. and Australian meat production facilities, resulting in a complete production stoppage.
• In July 2021, during the Fourth of July holiday weekend, Sodinokibi/REvil ransomware actors attacked a U.S.-based critical infrastructure entity in the IT Sector and implementations of their remote monitoring and management tool, affecting hundreds of organizations—including multiple managed service providers and their customers.

Part of the problem with holidays and long weekends is the extended time frame for most, if not all, employees to be away from work. This leaves a gap for bad actors to potentially exploit.

How You Can Prevent Ransomware Attacks at Your Workplace

Even if you are not in charge of protecting your organization from cyberattacks, you do have a responsibility to the company as a whole. At times, ransomware attackers find their way into networks through individual employees, so it’s critical you employ good cyber hygiene to prevent this from happening.

Never click on strange or suspicious links. If someone emails or messages you a link that seems off, trust your instincts. Follow up with contacts in person or by phone if a request via email doesn’t seem to be right.

Keep your credentials private. That means making sure your passwords and strong and unique, are coupled with multi-factor authentication (MFA), and are stored securely in a password manager or other encrypted location. If your username and password are lost in a data leak, change these credentials immediately.

If you are responsible for company data of any kind, keep an offline backup of it on hand. That way, in the event of a ransomware attack, your data is secure, and the threat won’t be as effective.