Labor Day Ransomware Threat
by Jennifer Marques
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory concerning an elevated threat of ransomware attacks over the holiday weekend.
Neither agency has identified a specific threat; they base their warning on historic spikes in ransomware activity over recent holiday weekends. Commodity ransomware is a threat to all businesses regardless of size because it is cheap to deploy, which results in a “spray and pray” method of malware distribution. Clients with high revenue or sensitive data are at risk of more targeted threats.
Modern ransomware facilitates blackmail in two ways:
- It encrypts important data and/or systems so that organizations can’t function.
- It exfiltrates data that the criminals can threaten to release if they aren’t paid.
This means that effective offline backups are no longer sufficient to address the risks caused by ransomware.
How to prepare for the immediate threat
Clients should take several steps to prepare for the immediate threat. First, they should ensure that their cybersecurity tools are loaded with the indicators of compromise for the malware listed in the advisory. Second, they should make sure that those tools have proper visibility across the organization’s network. Third, all software should be fully patched and updated. Clients should consider advising employees to be especially careful around suspicious emails. Some clients may turn off non-essential services, such as RDP, over the holiday weekend. Validating backups is another important consideration.
These steps may reduce the risk for this holiday weekend. Clients should take additional steps to address ransomware more broadly. These steps include developing and testing incident response plans, disaster recovery plans, and business continuity plans. Clients should also take steps to improve their basic cybersecurity posture, including eliminating unneeded software and services, scanning their networks for vulnerabilities, implementing vendor risk management, and increasing employee training. Multi-factor authentication is another critical tool in addressing ransomware, although it is not a magic bullet. Other actions may be advisable depending on a client’s specific circumstances.
If you have questions or concerns about ransomware or cybersecurity more generally, we can help you manage your risks and exposure. If you suffer a ransomware incident this weekend, or anytime, we are available to assist you.