Are you waiting for Labor Day? So do brutal gangs of cybercriminals.
Meat processing giant JBS was on a Friday during this year's Memorial Day holiday. On the Friday before the Fourth of July, the company had a program to manage Kaseya IT and thus more than a thousand companies of various sizes. It remains to be seen if Labor Day will see a major ransomware collapse, but one thing is for sure: hackers love the holidays.
In fact, ransomware hackers also love regular weekends. but long? When everyone is having fun with family and friends and refuses to do any remote work in the office? That's a good thing, and while this isn't a new trend, a joint warning issued this week by the FBI and the Cybersecurity and Infrastructure Agency underscores just how serious the threat is.
The request is too simple for attackers. Ransomware can take a long time to spread across the network, as hackers seek to maximize results to gain maximum control over most systems. The longer a person takes to realize it, the more damage it can do. “In general, attackers use their ransomware when people are less likely to initiate contact,” said Brett Kahlo, Threat Analyst at Emsisoft Antivirus. "There is less chance of identifying and stopping the attack."
Even if they are caught relatively early, it is likely that many of the people responsible will be near the pool, or at least much more difficult than on a typical Tuesday afternoon. "Visually, it makes sense that advocates pay less attention during the holidays, in large part due to staff cuts," said Katie Nichols, director of intelligence at security firm Red Canary. "If there is a major incident during the holiday, it will be difficult for the defenders to bring in the necessary personnel to respond quickly." In addition to the JBS and Kaseya incidents, the devastating attack on the Colonial Pipeline occurred on Mother's Day weekend. (The weekend isn't three days, but it's still scheduled for maximum inconvenience.) The agencies said they had no "specific threat reports" that a similar attack would happen over the Labor Day weekend, but it shouldn't. If anyone does this, it's a surprise.
You should also keep in mind that ransomware is a constant threat, and for every gasoline shortage that gets dozens of attention, there are dozens of small businesses at any time sending bitcoins to criminals. Attempt. Victims reported 2,474 ransomware cases to the FBI's Internet Crime Complaint Center in 2020, up 20 percent from the previous year. According to IC3 data, requests from hackers tripled in the same period. These attacks weren't all over the three-day weekend and the Hallmark weekend. Kahlo notes that the introduction of ID Ransomware — a service developed by security researcher Michael Gillespie — that allows you to upload ransom notes or encrypted files to find out exactly what infected you — usually spikes on Mondays, when victims return to their offices to find the information. encrypted. According to Kahlo, attacks on schools decline rapidly in the late spring and summer because there are far fewer urgent recoveries. When they stole $81 million from a Bangladesh bank, the Lazarus Group set out to steal it, not only because of the difference between the weekend in Bangladesh and the US - on the first Friday and Saturday - but also because of the new moon. year, use the holidays. Asia.Advertising
It is true that many of the big ransomware gangs - including DarkSide, Ragnarok and REvil - have recently been disbanded or taken offline. Anne Neuberger, deputy national security adviser, said at a press conference Thursday that US intelligence agencies have recently seen a decline in ransomware. But security researchers soften any sighs. “Ransomware groups like Pysa, Lockbit 2.0, Conti, and many more continue to harm organizations,” Nichols says. "Even when one or more of the dominant ransom families disappears, there is usually another family behind to fill that gap." At the same press conference, Neubarger warned organizations to "be careful" on the eve of a long weekend.
Unfortunately, preparing for a potential hack doesn't mean using different slots on Friday afternoon. By that time, it was too late; Attackers tend to hide in damaged systems and attack at the most appropriate moment. The best time for a strong defense was often weeks before a ransomware attack. "Most rundown houses happen in the middle of the day, but you don't just lock down your house," Kahlo says. Avoid hacking into yourself, whether on the eve of a long weekend or afterward. The FBI and CISA recommendations reflect best practices for most cybersecurity situations: Don't click on suspicious links. Backup your data without an internet connection. Use strong passwords. Make sure your software is up to date. Use two-factor authentication. Be careful if you are using Remote Desktop Protocol - a Microsoft product that has proven to be a popular entry point for attackers in the past. And maybe keep in touch with a few others over the weekend.
This story first appeared on wired.com.
Why do ransomware hackers love the weekend
The Starlink SpaceX satellite bandwidth service wi...
Telegram has expanded as a hub for cybercriminals seeking to...