Pardon the reprise of a similar holiday-themed post from last year, Don’t Let Ransomware Steal Your Independence (Day), but if the shoe (and the sentiment) fits…
As the U.S. looks forward to the upcoming long holiday weekend, it is a good time for a reminder that cyber threat actors are no respecters of holidays. Observances and traditions notwithstanding, it is common for malware to be configured with a timed/delayed detonation. Ransomware, notoriously so. Therefore, these few days building up to the long weekend are a perfect time for actors to launch phishing campaigns or network compromises designed to proliferate ransomware payloads. As it is quite common for ransomware to detonate over the weekend for maximum damage, payloads designed to execute over the long weekend have an extra day to lock up files and abscond with your data, not to be discovered until Tuesday morning.
So before you crack open that refreshing beverage, fire up the BBQ, and launch any Labor Day weekend fireworks, WaterISAC encourages members to plan for the worst and hope for the best. Check out the FBI-CISA Advisory on Ransomware Awareness for Holidays and Weekends. This Joint CSA from the FBI and CISA outlines immediate and longer-term actions organizations can take to protect against the rise in ransomware, including:
- Making an offline backup of your data.
- Avoiding clicking on suspicious links.
- Securing and monitoring Remote Desktop Protocol endpoints.
- Updating OS and software.
- Using strong passwords.
- Using multi-factor authentication.
Additionally, WaterISAC suggests:
- Reviewing ransomware and data breach playbooks/policies/procedures, or at least discussing with your teams what you would do should the worst occur.
- Sending out security awareness reminders before the weekend to all staff on how phishing is a very common initial infection vector for ransomware, and how malicious actors send phishing emails well in advance of the ransomware actually executing/encrypting.
- Reminding staff not to open attachments or click on links contained in emails, even if the email looks like it is from a trustworthy source. And if they already have received and/or actioned a suspicious email, encourage them to report the event now.
- Checking device and network logs and events for potential intrusions, and considering whether to configure alerts for changes to files.
- Last, but not least, testing your (online and offline) backups before you need them.
And if you are looking for even more to do, this similar post from Malwarebytes has plenty of additional ransomware resilience actions to keep you from laboring in vain.