Holiday Ransomeware Prevention Reading Time: 2 minutes

It has become an annual occurrence. Every year, pre-Thanksgiving up to the Christmas period, organizations are warned multiple times to anticipate the cyberattacks that affect organizations of all sizes. The Albany County Airport Authority, Sodinokibi ransomware attack in December 2020, and Magecart attack during Black Friday this year, are such examples where holiday seasons have become a targeted period for threats, as well full-scale ransomware attacks.

What Should Organizations Be Aware of?

FBI and CISA agencies have recognized similar trends before the Memorial and July 4th holidays, with the end-of-year holiday season joining that list. The Christmas holidays and in particular the holiday weekend is being seen by attackers as the most ‘ideal attack window’ in which they can exploit networks and systems. Almost all forms of ransomware can cripple IT infrastructure and completely stop a business from running, but there are some specific ransomware examples that should be watched for during the holiday season. These include ‘LockBit, Zeppelin, Crysis/Dharma/Phobos, PYSA, Conti, and RansomEXX. However, it’s important to note, this is not an exhaustive list but rather a group of commonly reported ransomware over the past few months in the run-up to December.

Both the FBI and CISA have highlighted two primary areas of best practices where organizations should preemptively plan for in the run-up to the holiday weekend: establishing foundational cyber hygiene best practice and proactive monitoring.

– Backing up data regularly– Regularly assess data logs for anomalies
– Assess 3rd party vendor security posture for any suspect activity– Apply a behavior-based monitoring approach for endpoint, network, and user activity
– Auditing of admin accounts and configuring access control to least privilege– Monitoring abnormal inbound/outbound network traffic
– Ensure alerting mechanisms are automated– Irregular login activity/privilege escalation attempts
– Deployment of endpoint detection and response, SIEM solutions, and other intrusion detection methods– Development of a threat hunting plan based on various approaches (e.g. structured/unstructured, intel-based hunting, etc.)
– Development of a readiness and response plan in case of a ransomware attack

Moving Forward

The mid-market and large enterprise landscape must understand that preemptive steps for security are not limited to the above commentary, but rather, an all-encompassing security posture plan that involves preventative and detection procedures, and dynamic threat hunting activity is the best way to help tackle potential ransomware threats. For more detailed FBI and CISA recommendations, access Alert (AA21-243A).