on Friday Entering this year’s Memorial Day weekend, Meat processing giant JBS. On the Friday before July 4th, IT management software company Kaseya And, through expansion, More than a thousand companies Different sizes.It remains to be seen whether Labor Day will appear High-profile ransomware crash The same, but one thing is clear: hackers like holidays.
Really, ransomware hackers also like regular weekends. But the long one? When everyone is partying with family and friends and deliberately avoiding anything related to remote offices? This is the good thing. Although this trend is not new, a joint warning issued by the FBI and the Cybersecurity and Infrastructure Security Agency this week emphasized just how serious the threat has become.
The appeal to attackers is very simple. Ransomware may take time to spread throughout the network, because hackers will try to elevate permissions to maximize control of most systems. The longer anyone notices, the more damage they cause. Brett Callow, a threat analyst at the anti-virus company Emsisoft, said: “In general, threat actors deploy their ransomware when people are less likely to start pulling the plug.” “The less likely an attack is detected and interrupted. “
Even if it is discovered relatively quickly, many of the people responsible for handling it may be by the pool, or at least harder to find than on a normal Tuesday afternoon. Katie Nickels, director of intelligence at security company Red Canary, said: “Intuitively, it makes sense that defenders may be less attentive during the holidays. This is largely due to the reduction in staff.” “If a major incident occurs during the holidays In the event of an incident, it may be more difficult for defenders to mobilize the necessary personnel to respond quickly.”
It is those major events that may have attracted the attention of the FBI and CISA; in addition to the JBS and Kaseya incidents, Devastating colonial pipeline attack It happened on Mother’s Day weekend. (Not a three-day weekend, but it still causes the greatest inconvenience.) These agencies stated that they did not have any “specific threat reports” indicating that similar attacks would occur during Labor Day weekend, but it shouldn’t be like anything if anyone It was a little surprised to do so.
It is also important to remember that ransomware is a constant threat, and for every noticeable gas shortage, dozens of small businesses are scrambling to send bitcoins to cybercriminals at any given time. In 2020, victims reported 2,474 ransomware incidents to the FBI’s Internet Crime Complaint Center, an increase of 20% over the previous year. According to IC3 data, the demand for hackers has tripled in the same time period. These attacks were not all focused on the three-day weekend and Hallmark holiday.
In fact, as CISA and FBI admit, weekends are usually welcomed by scammers. Callow pointed out that the number of files submitted to ID Ransomware (a service created by security researcher Michael Gillespie that allows you to upload ransom notes or encrypted files to find out what attacked you) tends to surge on Monday because the victims have already Return to the office to find their data encryption.
There are other forms of strategic timing for hackers. Carlo said that attacks on schools declined sharply in late spring and summer because the urgency associated with recovery was much less at that time.When they $81 million stolen from Bangladesh BankLazarus Group in, North Korea Timed robbery Not only should we take advantage of the difference between weekends in Bangladesh and the US (the former is Friday and Saturday), we should also take advantage of the Lunar New Year holiday, a holiday in most parts of Asia.