The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory concerning an elevated threat of ransomware attacks over the holiday weekend.
Neither agency has identified a specific threat; both base their warning on historic spikes in ransomware activity over recent holiday weekends. Commodity ransomware is a threat to all businesses regardless of size because it is cheap to deploy, which encourages a “spray and pray” method of malware distribution. Clients with high revenue or sensitive data are at risk of more targeted threats.
This means that effective offline backups are no longer sufficient to address the risks caused by ransomware.
Clients should take several steps to prepare for the immediate threat. First, they should ensure that their cybersecurity tools are loaded with the indicators of compromise for the malware listed in the advisory. Second, they should make sure that those tools have proper visibility across the organization’s network. Third, all software should be fully patched and updated. Clients should consider advising employees to be especially careful around suspicious emails. Some clients may turn off non-essential services, such as RDP, over the holiday weekend. Validating backups is another important consideration.
These steps may reduce the risk for this holiday weekend. Clients should take additional steps to address ransomware more broadly. These steps include developing and testing incident response plans, disaster recovery plans, and business continuity plans. Clients should also take steps to improve their basic cybersecurity posture, including eliminating unneeded software and services, scanning their networks for vulnerabilities, implementing vendor risk management, and increasing employee training. Multi-factor authentication is another critical tool in addressing ransomware, although it is not a magic bullet. Other actions may be advisable depending on a client’s specific circumstances.
If you have questions or concerns about ransomware or cybersecurity more generally, we can help you manage your risks and exposure. If you suffer a ransomware incident this weekend, or anytime, we are available to assist you.
Government agencies continue to expand the current patchwork of cybersecurity requirements. On April 14, 2021, the Department of Labor (DOL) released cybersecurity guidance for benefit plan sponsors, plan fiduciaries, record keepers, and plan participants.