US government warns of increased risk of ransomware over holiday season

CISA and FBI issue joint statement warning organizations not to let their guard down

Holiday season warning

With Thanksgiving just days away, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have warned organizations that hackers won’t be taking time off and to have plans in place to deal with any ransomware attacks that are likely to occur over the holiday season.

In a joint statement, they said that while there were no specific threats known, recent 2021 trends showed that malicious hackers launched serious and impactful ransomware attacks during holidays and weekends, including Independence Day and Mother’s Day weekends.

“While we are not currently aware of a specific threat, we know that threat actors don’t take holidays,” said CISA director Jen Easterly. “We will continue to provide timely and actionable information to help our industry and government partners stay secure and resilient during the holiday season. We urge all organizations to remain vigilant and report any cyber incidents to CISA or FBI.”

The two agencies provided a list of actions IT teams could undertake to prevent or mitigate such attacks over the holiday period. These include: identifying IT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack, implementing multi-factor authentication for remote access and administrative accounts, mandating strong passwords, and ensuring passwords are not reused across multiple accounts.

The agencies also said that if an organization used remote desktop protocol (RDP) or any other potentially risky service, they should ensure it is secure and monitored. Organizations were also urged to remind employees not to click on suspicious links and conduct exercises to raise awareness.

Related Resource

The truth about cyber security training

Stop ticking boxes. Start delivering real change.

Pair of feet in socks with a chair and plant in the backgroundFree download

Organizations are being encouraged to review and, if needed, update their incident response and communication plans to reduce the risk of a severe business or functional degradation should they fall victim to a ransomware attack.

“The FBI is dedicated to combatting cyber-crimes targeting the American public and our private sector partners. Cyber criminals have historically viewed holidays as attractive times to strike,” said FBI cyber assistant director Bryan Vorndran. “We will continue to provide cyber threat information and share best safeguard practices. We urge network defenders to prepare and remain alert over the upcoming holiday weekend and report any suspicious activity to www.ic3.gov.”

The agencies also published a more comprehensive cyber security advisory here.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Sabbath hackers are targeting US schools and hospitals
ransomware

Sabbath hackers are targeting US schools and hospitals

29 Nov 2021
Hackers use Linux backdoor on compromised e-commerce sites with software skimmer
malware

Hackers use Linux backdoor on compromised e-commerce sites with software skimmer

19 Nov 2021
Iranian hackers ramp up attacks against IT services sector
hacking

Iranian hackers ramp up attacks against IT services sector

19 Nov 2021
TikTok phishing campaign tried to scam over 125 influencer accounts
social media

TikTok phishing campaign tried to scam over 125 influencer accounts

18 Nov 2021

Most Popular

Sabbath hackers are targeting US schools and hospitals
ransomware

Sabbath hackers are targeting US schools and hospitals

29 Nov 2021
Apple's mixed reality headset could debut in 2022
augmented reality (AR)

Apple's mixed reality headset could debut in 2022

29 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021