Security

Season’s greetings: CISA and FBI warn on holiday ransomware attacks

In a joint press release with the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) is warning about holiday cyberattacks, especially ransomware. It is not uncommon to see a spike in cybercriminal activity during the holiday season, most notably since purchases go into overdrive, as many individuals are buying gifts for loved ones. Because purchases, both due to convenience and the pandemic, have moved more into the cyber-realm, cybercrime is an all-too-real threat.

CISA and the FBI are particularly concerned about the presence of ransomware attacks taking over consumers’ devices during the holidays. While they do not name specific ransomware variants or cybercrime groups, CISA bases its warning on the following information:

Although neither CISA nor the FBI currently have identified any specific threats, recent 2021 trends show malicious cyber actors launching serious and impactful ransomware attacks during holidays and weekends, including Independence Day and Mother’s Day weekends. CISA and the FBI strongly urge all entities — especially critical infrastructure partners — to examine their current cybersecurity posture and implement best practices and mitigations to manage the risk posed by cyber threats.

Furthermore, CISA gives the following advice to business leaders to help mitigate ransomware threats during the holiday season:

  • Ensure there are IT security teams available for times during the holiday season when the biggest risk of ransomware attack exists, especially Black Friday, Cyber Monday, and Christmas Eve.
  • Enforce multifactor authentication for all accounts, especially those belonging to administrative positions and those that allow remote access.
  • Make certain that strong alphanumeric passwords are used on all logins in the company and no password reuse is taking place.
  • Secure remote desktop protocol (RDP) if your business utilizes it.
  • Send out reminders to employees about not engaging with suspicious links, have frequent updates to inform them of potential threats.

In all, some of this may seem basic to the security-minded. Unfortunately, with ransomware attacks still wreaking havoc globally, these reminders from CISA obviously are necessary.

Featured image: Shutterstock

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist. Kortepeter specializes in areas such as cyber defense, privacy rights, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter

Recent Posts

T-mobile's recent robocall report shows massive increase in 2021

Wireless service provider T-Mobile released a new report on robocalls. The report confirms the recent…

2 days ago

Overview of PowerShell versions and how to check what version you have?

PowerShell is one of the most popular scripting languages and it is installed by default…

2 days ago

TCP vs. UDP: Understanding the Limitations

TCP and UDP are two different protocols to handle data transfer. Both have their benefits…

3 days ago

Three ways to run .exe files in PowerShell

An executable file can have hundreds of different file extensions, and ".exe" is just one…

3 days ago

How to delete files and folders using PowerShell

Do you want to delete files and folders using PowerShell? We have you covered! Read…

4 days ago

The Major Barriers to SMB Cybersecurity

Small and medium-sized businesses (SMBs) are a less resistant target for cyber attackers. This is…

4 days ago