The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a warning to public and private sector organizations and critical infrastructure partners to keep their defenses up against ransomware attacks this holiday season. The federal agencies issued the joint advisory based on observations regarding the timing of previous high-impact ransomware attacks, not in reaction to a specific reported threat. During weekends and holidays, threat actors take advantage of decreased readiness to respond to cybersecurity attacks and attempt to breach public and private sector companies’ critical networks and systems.
The CISA and the FBI provided a list of mitigations, including having an IT security team ready to respond to ransomware attacks even after regular office hours. The list also includes the following:
- Implement multi-factor authentication (MFA) for remote access and administrative accounts.
- Mandate strong passwords and do not reuse them on multiple accounts.
- Make sure remote desktop protocol (RDP) or other potentially risky services are secure and monitored.
- Remind employees not to click on suspicious links, and have training exercises to raise awareness.
- Review and update incident response and communication plans companies will implement if impacted by a ransomware attack.
The Cybersecurity and Infrastructure Security Agency explains that even though the agency is not aware of a specific threat, it does know that threat actors don’t take holidays off. The agency is urging companies to stay vigilant and report any cyber incident to either the CISA or FBI. The FBI is dedicated to fighting cybercrimes that target American public and private sector partners. Historically, cyber criminals viewed holidays as a major opportunity to engage in cyberattacks. The warning is similar to the one issued before Labor Day weekend after the CISA and FBI discovered that highly impactful ransomware attacks target U.S. companies when offices are closed.
The CISA is offering various cyber hygiene services at no cost, including vulnerability scanning and ransomware readiness assessments, to help critical infrastructure industries assess, identify, and reduce exposure to cyber threats. Companies of any size will receive recommendations on how to reduce risks and mitigate cyberattacks by utilizing these services.
The Treasury Department’s Financial Crimes Enforcement Network (FinCEN) revealed the financial losses of companies that suffered ransomware attacks in previous years by linking nearly $5.2 billion in outgoing Bitcoin (BTC) transactions to paid ransoms. FinCEN’s report comes after governments worldwide announced they will crack down on cryptocurrency payment channels used by ransomware groups.
With the major holidays quickly approaching and ransomware groups working overtime to identify potential targets, it’s crucial for companies of all sizes to remain alert to the current threat landscape and implement strong network security solutions to prevent ransomware attacks. At SpearTip, our certified engineers continuously monitor partner networks 24/7, even on weekends and holidays, at our Security Operations Centers for potential ransomware threats. When it comes to cyber threats, being proactive is the most effective way to protect your company’s data network. SpearTip’s ShadowSpear, our endpoint detection and response platform, is a great proactive tool in preventing ransomware from encrypting your networks and demanding a ransom.
If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.