The FBI warns businesses that ransomware attackers don’t take holidays. In a joint advisory issued by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), the warning stipulated the need for businesses to be aware of impactful ransomware attacks that occur on holidays and weekends.
In recent months, Cybercriminals have used several tactics, techniques, and procedures in periods when businesses are closed, and fewer staff at hand. Long weekends make for ransomware attacks and data breaches, according to Mintz. Cybercriminals seem to take advantage of understaffed IT resources on weekends and holidays.
What is ransomware?
Ransomware is a crime, a cybercrime to be exact. Take a computer virus and add the ability to lock (encrypt) and destroy your data and hold it for a ransom payable only in cryptocurrency. That’s a description of the most common ransomware attack. Some variants also spread through a business network, infecting and encrypting files and leaving a path of destruction.
In many cases, you don’t know your computer is infected until a ransom demand is displayed on your screen or you no longer have access to your data. Once ransomware takes over your computers and servers, your files and data will remain encrypted even after you remove all traces of the infection.
Remember: There is no guarantee that you will get any of your files back, even after paying the ransom.
Why is the FBI issuing this advisory?
The FBI warns businesses to understand how impactful ransomware attacks are: From January – July 2021 the FBI’s Internet Crime Complaint Center (IC3) received over 2000 ransomware complaints representing over $16.8M in losses. This means that there is a 20% increase in reported losses with numbers continuing to rise. Surprisingly, 37 percent of all businesses and organisations were hit by some form of ransomware in 2021.
Major attacks continue to make headlines in 2021: In the US, Mother’s Day weekend saw the Colonial Pipeline ransomware attack and over Memorial Day weekend, hackers attacked the JBS SA meatpacking operations in the US, Canada, and Australia. Software vendor Kaseya suffered a large-scale attack before the 4th of July weekend and cybercriminals used their platform to launch ransomware attacks against over 1,500 businesses worldwide.
How does ransomware affect my business?
The truth is: ransomware attacks are terrifying especially for small businesses that can’t afford to pay a ransom for lost data. There are mainly two ways that ransomware creeps into the business undetected:
- Phishing: Phishing is an email sent by a cybercriminal disguised as something legitimate. The cybercriminal phishes for anyone that may fall for the bait, just as you’d attach a worm to the end of a fishing hook.
- Guessing Passwords: Many businesses allow remote support connections to their workstations and servers. Criminals simply guess usernames and passwords to access your systems remotely.
The FBI advisory states that the most common access routes into businesses are phishing and brute-forcing unsecured remote desktop protocol (RDP) endpoints.
Here are tips to help you fend off ransomware attacks:
Tip 1: Ransomware easily enters your business via email. Make sure your employees are aware of the risks associated with dangerous emails, how to identify them, and where to report them to. Cybersecurity awareness and protections must be implemented at every level of the business, including at the leadership level.
Tip 2: Ask your support vendor to secure any remote connections into your business. This includes laptops, servers, and any other devices they support remotely.
Tip 3: Keep your anti-virus systems up to date and make sure your systems are patched frequently.
Tip 4: Ensure that your computer and server backups are completed regularly and tested throughout the year. Make sure that ransomware can’t spread to the backup servers too. You’ll need your backups to restore services and data following an attack.