
CISA and the FBI warn organizations to stay vigilant over the upcoming Labor Day holiday weekend, citing cybercriminal gangs’ tendency to launch ransomware attacks over holidays and weekends.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), in a joint advisory, have warned companies in the US about potential ransomware attacks over the national holiday and weekend.

The advisory is based on the recent attacks on T-Mobile, the AT&T data breach, and more. The agencies said that they issued the warning based on the pattern of previous ransomware campaigns over holidays or weekends, and that it is not in response to a direct upcoming threat.

CISA-FBI Key Defenses

The CISA-FBI advisory recommends a few key defenses to mitigate the risks of ransomware and other malicious threats. It recommends that organizations look for signs of attackers, segment networks, update software, scan for vulnerabilities, protect remote access, and not pay any ransom to the attackers.

“The FBI and CISA encourage all entities to examine their current cybersecurity posture and implement the recommended best practices and mitigations to manage the risk posed by all cyber threats, including ransomware,” the advisory said.

The advisory also recommends organizations prepare a response plan beforehand for a ransomware attack, and a contingency plan in case the critical systems need to be taken offline.

Adam Kujawa, Malwarebytes Lab director, says that the risk of possible threats over the weekend is real. He also recommends companies shut down non-essential systems during the holiday weekend, as well as disable systems that are not needed.

“I think based on the immense amount of attacks coming during holidays this year, we should be concerned that something might happen. At the end of the day, though – holiday or not – attackers are focused on the opportunity as a sign to go after a particular organization, such as a vulnerability or misconfiguration or something like that,” he says.

To protect against ransomware attacks, make sure there is always someone watching over the systems during the holidays, and do not leave the network unsupervised in case of a sudden attack.

Major Ransomware Attacks During Holiday Seasons

The majority of the recent ransomware attacks have taken place over weekends. While there have been plenty of attacks on organizations, the CISA and FBI advisory highlighted the 3 biggest ransomware attacks that took place over the weekend, as follows:

  1. The Darkside cybercrime gang attacks the Colonial Pipeline on Saturday, May 7.
  2. The REvil ransomware gang attacks JBS Foods over the US Memorial Weekend holiday.
  3. REvil attacks Kaseya, an IT firm, on the July 4 US holiday.

As cybersecurity threats keep rising in America, with large organizations being a major target of ransomware attacks, President Joe Biden recently called a cybersecurity meeting with CEOs of all major tech companies including Apple, IBM, Amazon, Microsoft, Google, and more.

While there are a lot of ransomware gangs currently active, the FBI’s Internet Crime Complaint Center (IC3) highlighted the following gangs that have been quite active recently, with US organizations as their main target over the past month:

  • Conti
  • PYSA
  • LockBit
  • Zeppelin
  • RansomEXX/Defray777
  • Crysis/Dharma/Phobos

In addition to the current threat, the advisory also says that, according to the latest trend in ransomware attacks, paying the ransom does not guarantee that your data will be recovered, so organizations should not pay the ransom. The agencies advise companies to report the incident to CISA or the local FBI office immediately to mitigate the risk.

Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA, says:

“Ransomware continues to be a national security threat and a critical challenge, but it is not insurmountable. With our FBI partners, we continue to collaborate daily to ensure we provide timely, useful and actionable advisories that help industry and government partners of all sizes adopt defensible network strategies and strengthen their resilience. All organizations must continue to be vigilant against this ongoing threat.”

The CISA and FBI joint advisory says that there is no indication of a ransomware attack yet, but considering the past trend, attacks will most likely take place during the upcoming US Labor Day weekend.