[BreachExchange] FBI, CISA warns ransomware attacks surge over holiday weekends: 6 things to know this Labor Day weekend

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Thu Sep 2 09:02:24 EDT 2021 

https://www.beckershospitalreview.com/cybersecurity/fbi-cisa-warns-ransomware-attacks-surge-over-holiday-weekends-6-things-to-know-this-labor-day-weekend.html

The FBI and Cybersecurity and Infrastructure Security Agency are warning
companies of the increased risk of ransomware attacks over Labor Day
weekend.

The FBI and CISA said there are surges in ransomware attacks on holidays
and weekends when offices are traditionally closed, according to an Aug. 31
CISA report. The federal agencies observed ransomware attacks consistently
on holiday weekends, such as the Fourth of July, Mother's Day weekend and
Memorial Day weekend. The FBI and CISA said there is no indication that a
ransomware attack will occur over the weekend, but wanted organizations to
be aware of the increased threat level.

Six things to know:

   1. The FBI's Internet Crime Complaint Center received 791,790 complaints
   about internet crime in 2020, with losses reportedly exceeding $4.1
   billion. From January to July 31, 2021, the center has received 2,084
   ransomware complaints with over $16.8 million in losses, a 62 percent
   increase in reporting and a 20 percent increase in reported losses compared
   to the same time frame in 2020.
   2. Conti, PYSA, LockBit, RansomEXX/Defray777, Zeppelin and
   Crysis/Dharma/Phobos are the ransomware variants most frequently reported
   to the FBI.
   3. Hackers are increasingly threatening to publicly name affected
   victims and release their sensitive data to push affected organizations to
   pay a ransom.
   4. The two most common initial access points are phishing and brute
   force attacks on remote desktop endpoints. Other common tactics of initial
   infection include deploying malware, exploiting software, exploiting
   managed service providers with access to customer networks and purchasing
   stolen credentials on the dark web.
   5. Hackers use the access to evaluate a victim's ability to pay a
   ransom, to evaluate the victim's incentive to pay ransomware to regain
   access to their data or avoid it being leaked, or to gather information for
   follow-up attacks.
   6. The FBI and CISA suggest organizations proactively hunt for threats
   in their networks to search for signs of unauthorized activity. Threat
   actors can be present for a long time before they lock down the system and
   request ransom payment.

To read the full list of threat mitigations, click here.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210902/304ab340/attachment.html>

More information about the BreachExchange mailing list