CISA Issues Holiday Ransomware Message

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning Americans not to take a break from cybersecurity this holiday season.

In a joint alert issued Monday, the agencies urged the public and private sector organizations to “remain vigilant and take appropriate precautions to reduce their risk to ransomware and other cyberattacks” ahead of Thanksgiving.

The warning was not triggered by receiving any specific threat intelligence but was born instead from knowing what has come to pass. 

“This advisory is based on observations on the timing of high impact ransomware attacks that have occurred previously rather than a reaction to specific threat reporting,” said the agencies. 

“Specifically, malicious cyber actors have often taken advantage of holidays and weekends to disrupt critical networks and systems belonging to organizations, businesses, and critical infrastructure.” 

The agencies said that data gathered in 2021 showed cyber actors launching “serious and impactful ransomware attacks during holidays and weekends, including Independence Day and Mother’s Day weekends”.

A paper chain of recommended mitigations accompanied the call for caution. First, entities were advised to select and identify the IT security employees to provide weekend and holiday cover in the event of a ransomware attack. 

Other advice included:

  • Implementing multi-factor authentication for remote access and administrative accounts.
  • Mandating strong passwords.
  • Training employees not to click on suspicious links.

Attack techniques the agencies specifically warned against included phishing scams in which threat actors pose as charities and fraudulent sites spoofing genuine businesses to target holiday shoppers. 

“The FBI is dedicated to combatting cyber-crimes targeting the American public and our private sector partners. Cyber-criminals have historically viewed holidays as attractive times to strike,” said FBI Cyber assistant director Bryan Vorndran. 

“We will continue to provide cyber threat information and share best safeguard practices. We urge network defenders to prepare and remain alert over the upcoming holiday weekend and report any suspicious activity to www.ic3.gov.”

CISA Director Jen Easterly said: “While we are not currently aware of a specific threat, we know that threat actors don’t take holidays.”

Leave a Reply