Friday before Memorial Day weekend this year, it was meat processing giant JBS. The Friday before July 4, it was Kaseya IT management software company and, by extension, more than a thousand companies of variable size. It remains to be seen whether Labor Day will see a large-scale ransomware collapse too, but one thing is clear: hackers love vacations.
Really, ransomware hackers love regular weekends too. But a long one? When everyone is having fun with family and friends and carefully avoiding all things remote desktop? This is the right thing. And while the trend is not new, a joint warning issued this week by the FBI and the Cybersecurity and Infrastructure Security Agency highlights just how serious the threat has become.
The call to attackers is fairly straightforward. Ransomware can take a long time to spread over a network, as hackers strive to elevate privileges for maximum control over most systems. The longer it takes for someone to notice it, the more damage it can cause. “Typically, threat actors deploy their ransomware when it’s less likely that people will be around to start unplugging,” said Brett Callow, threat analyst at anti-virus company Emsisoft. “Less chance that the attack will be detected and interrupted.”
Even if it’s caught relatively early, many of the caregivers are potentially poolside, or at the very least more difficult to reach than they would be on a normal Tuesday afternoon. “Intuitively, it makes sense for defenders to pay less attention during the holidays, in large part due to downsizing,” said Katie Nickels, chief intelligence officer for security firm Red Canary. “If a major incident occurs on a public holiday, it can be more difficult for defenders to bring in the necessary personnel to respond quickly. “
It was these major incidents that probably caught the attention of the FBI and the CISA; in addition to the JBS and Kaseya incidents, the devastating colonial pipeline attack took place on Mother’s Day weekend. (Not a three-day weekend, but still timed for maximum inconvenience.) The agencies said they had no “specific threat report” indicating that a similar attack would take place over the weekend. end of Labor Day, but it shouldn’t be. kind of surprise if we do.
It’s also important to remember that ransomware is a constant threat, and for every gasoline shortage that hits the headlines, dozens of small businesses are scrambling to send bitcoin to cybercriminals at all times. Victims reported 2,474 ransomware incidents to the FBI’s Internet Crime Complaints Center in 2020, a 20% increase from the previous year. Hacker requests have tripled over the same period, according to data from IC3. These attacks weren’t all focused around the three-day weekends and Hallmark holidays.
In fact, as the CISA and FBI recognize, weekends in general tend to be popular with scammers. Callow notes that submissions to ID Ransomware, a service created by security researcher Michael Gillespie that lets you download ransom notes or encrypted files to figure out what exactly hit you, tend to increase on Mondays, when victims returned to their offices to find their data. crypt.
Strategic timing on the part of hackers also takes other forms. Attacks on schools drop sharply in late spring and summer, Callow says, because there is much less urgency associated with the recovery by then. When they stole $ 81 million from the Bangladesh Bank, Lazarus Group of North Korea timed the heist to take advantage not only of the differences between Bangladeshi and American weekends – the former is Friday and Saturday – but also the Lunar New Year, a public holiday in much of Asia.