The FBI and Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory this week, urging organizations not to let down their defenses against ransomware attacks during holidays or weekends. The FBI and CISA stated they do not currently have any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday. However, the FBI and CISA have observed an increase in highly impactful ransomware attacks occurring on holidays and weekends. The agencies highlighted three major ransomware attacks that all took place at the onset of a holiday weekend. Mother’s Day, Memorial Day, and Fourth of July weekend all saw major ransomware attacks that were initiated right before the holiday weekend began.
Both the FIB and CISA strongly discourage paying a ransom to criminal actors. Payment does not guarantee files will be recovered, nor does it ensure protection from future breaches. Payment may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of malware, and/or fund illicit activities. Regardless of paying a ransom or not, organizations that are victims of ransomware attacks should report the incident to the FBI and CISA. Organizations should also initiate proactive measures to ensure they are protected from ransomware. The US DHS website, stopransomware.gov, has links to resources that help organizations protect their systems from intrusions that lead to ransomware. To protect against ransomware attacks, organizations should regularly back up data, air gap, and password protect backup copies offline. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides. Implement network segmentation. Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud). Install updates/patch operating systems, software, and firmware as soon as practical after they are released. Implement monitoring of security events on employee workstations and servers, with a 24/7 Security Operations Center to detect threats and respond quickly. Use multifactor authentication where possible. Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts. Focus on cyber security awareness and training. Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities