IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

US government warns of increased risk of ransomware over holiday season

CISA and FBI issue joint statement warning organizations not to let their guard down

Holiday season warning

With Thanksgiving just days away, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have warned organizations that hackers won’t be taking time off and to have plans in place to deal with any ransomware attacks that are likely to occur over the holiday season.

In a joint statement, they said that while there were no specific threats known, recent 2021 trends showed that malicious hackers launched serious and impactful ransomware attacks during holidays and weekends, including Independence Day and Mother’s Day weekends.

“While we are not currently aware of a specific threat, we know that threat actors don’t take holidays,” said CISA director Jen Easterly. “We will continue to provide timely and actionable information to help our industry and government partners stay secure and resilient during the holiday season. We urge all organizations to remain vigilant and report any cyber incidents to CISA or FBI.”

The two agencies provided a list of actions IT teams could undertake to prevent or mitigate such attacks over the holiday period. These include: identifying IT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack, implementing multi-factor authentication for remote access and administrative accounts, mandating strong passwords, and ensuring passwords are not reused across multiple accounts.

The agencies also said that if an organization used remote desktop protocol (RDP) or any other potentially risky service, they should ensure it is secure and monitored. Organizations were also urged to remind employees not to click on suspicious links and conduct exercises to raise awareness.

Related Resource

The truth about cyber security training

Stop ticking boxes. Start delivering real change.

Pair of feet in socks with a chair and plant in the backgroundFree download

Organizations are being encouraged to review and, if needed, update their incident response and communication plans to reduce the risk of a severe business or functional degradation should they fall victim to a ransomware attack.

“The FBI is dedicated to combatting cyber-crimes targeting the American public and our private sector partners. Cyber criminals have historically viewed holidays as attractive times to strike,” said FBI cyber assistant director Bryan Vorndran. “We will continue to provide cyber threat information and share best safeguard practices. We urge network defenders to prepare and remain alert over the upcoming holiday weekend and report any suspicious activity to www.ic3.gov.”

The agencies also published a more comprehensive cyber security advisory here.

Featured Resources

ZTNA vs on-premises VPN

How ZTNA wins the network security game

Free Download

The global use of collaboration solutions in hybrid working environments

How companies manage security risks

Free Download

How to build a cyber-resilient business ready to innovate and thrive

Outperform your peers in your successful business outcomes

Free Download

Accelerating your IT transformation

How Cloudflare is innovating for CIOs to start 2023

Watch now

Recommended

GTA V vulnerability exposes PC users to partial remote code execution attacks
vulnerability

GTA V vulnerability exposes PC users to partial remote code execution attacks

23 Jan 2023
MSI to release securer BIOS settings after critical flaw discovered
vulnerability

MSI to release securer BIOS settings after critical flaw discovered

20 Jan 2023
China-backed hackers take down Amnesty International Canada for three weeks
Security

China-backed hackers take down Amnesty International Canada for three weeks

7 Dec 2022
'CryWiper' trojan disguises as ransomware, says Kaspersky
malware

'CryWiper' trojan disguises as ransomware, says Kaspersky

2 Dec 2022

Most Popular

Tech pioneers call for six-month pause of "out-of-control" AI development
artificial intelligence (AI)

Tech pioneers call for six-month pause of "out-of-control" AI development

29 Mar 2023
Getting the best value from your remote support software
Advertisement Feature

Getting the best value from your remote support software

13 Mar 2023
Microsoft Security Copilot could be a seismic success for the tech industry
Security

Microsoft Security Copilot could be a seismic success for the tech industry

29 Mar 2023