Just a week before the three-day Labour Day weekend, the FBI issued a warning urging people to take precautions against ransomware attacks. The warning cited incidents to show that some of the most successful cyberattacks occur during holidays.
Just take a look at the past few months: May saw two significant ransomware attacks over holidays, one around Mother’s Day and one around the Memorial Day weekend. The former, which is suspected to be associated with DarkSide, paralysed an infrastructure entity in the energy sector, leading to extortion and a week-long halt in operations. On the Friday heading into Memorial Day weekend, the Food and Agricultural Sector was hit and suffered a complete production shutdown.
It’s easy to say that hackers seem to love holidays. A set of days with everyone out enjoying time with their families and being offline? Victims probably won’t even realise they have been hacked until a few days later. Hackers have been around for years, and holiday hacking isn’t a new trend. The FBI’s warning sure makes it a serious one.
According to the cyber-risk insurance company Coalition, an increasing number of attacks are carried out using Trickbot, a banking trojan that installs ransomware. As of July 2019, Trickbot is estimated to have harvested over 250 million IDs and passwords from users opening an attachment or clicking a link.
Ransomware – the Monster in your Closet
Trickbot first enters a company network when employees open an infected email attachment or click a malicious link from an unreliable source. It goes on to hijack the user’s email account and send the same malicious documents and links to the user’s entire contact list, spreading as fast as possible through email. Next, the malware secretly installs a program on the infected computers and connects it back to a “command and control” centre that the hackers fully control, which in turn gives them control of the computers. They can then use this access to install ransomware, read email, or steal the users’ personal and banking information. Finally, when all the preparations for the damage have been completed, the hackers spring the trap and activate the ransomware.
Ransomware takes time to spread throughout a network, and hackers have maximum control over most systems. The holiday distraction means people won’t notice the intrusion quickly, giving the culprits more time to do all the damage they can fit in. It also means that people will be slow to deal with it, since it is harder to get hold of security staff than it would be on any working day.
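One way a defender could catch the email-spreading step described above and raise its priority when it happens over a weekend or holiday, shown as an added example that is not part of the original article. The log format, the addresses, the attachment IDs, the thresholds and the holiday calendar are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date, datetime

# Assumed holiday calendar; extend it for your own region.
HOLIDAYS = {date(2021, 9, 6)}

# Constructed sample log (not real data): timestamp sender recipient attachment-id
SAMPLE_LOG = "\n".join(
    ["2021-09-03T16:05:00 alice@example.com bob@example.com att-001"]
    + [f"2021-09-04T02:1{i}:00 carol@example.com user{i}@example.com att-002"
       for i in range(5)]
)

def is_quiet_period(ts):
    """True on weekends and listed holidays, when fewer people are watching."""
    return ts.weekday() >= 5 or ts.date() in HOLIDAYS

def find_fanout(log_text, min_recipients=5, window_minutes=10):
    """Flag a sender mailing one attachment to many recipients in a short window."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, sender, rcpt, att = parts
        groups[(sender, att)].append((datetime.fromisoformat(ts), rcpt))
    alerts = []
    for (sender, att), events in sorted(groups.items()):
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window_minutes.
            while (events[end][0] - events[start][0]).total_seconds() > window_minutes * 60:
                start += 1
            rcpts = {r for _, r in events[start:end + 1]}
            if len(rcpts) >= min_recipients:
                first = events[start][0]
                alerts.append({
                    "sender": sender, "attachment": att,
                    "recipients": len(rcpts), "first_seen": first.isoformat(),
                    "priority": "high" if is_quiet_period(first) else "normal",
                })
                break  # one alert per sender/attachment pair
    return alerts

if __name__ == "__main__":
    for alert in find_fanout(SAMPLE_LOG):
        print(alert)
```

A "high" alert is the kind that should page whoever is on call during the break rather than wait for the next working day.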
How dangerous is it?
The July 2 ransomware attacks on US cybersecurity are attributed to the REvil gang, a major Russian-speaking ransomware syndicate. In fact, according to cybersecurity researchers, the attack, which targeted customers of Kaseya, could be one of the broadest ransomware attacks on record. It affected thousands of victims in at least 17 countries, with ransom demands between $45,000 and $5 million.
Unfortunately, many victims were busy celebrating the weekend by the poolside and did not even realise they had been hit until things reopened on July 5 or 6.
According to the FBI’s Internet Crime Complaint Center (IC3), 2020 saw a record 791,790 complaints about internet crimes, with reported losses exceeding $4.1 billion. This is a 69 per cent rise from complaints in 2019. In fact, 2,474 of the total IC3 reports concerned malware, a 20 per cent increase from 2019.
How to run from it
Preparation against potential virus attacks works like a vaccine. The point isn’t to set up prevention one day before a holiday: chances are, the malware has already been installed on your computer, ready to strike during your Sunday brunch. Instead, you have to prepare your defences well before the ransomware hits.
In most cybersecurity circumstances, the FBI and CISA’s guidelines are the best practices:
- Don’t click on suspicious links.
- Make an offline backup of your data.
- Use strong passwords to secure your user accounts.
- Make sure your software is up to date, and scan it for vulnerabilities.
- Use two-factor authentication.
- If you use Remote Desktop Protocol or other well-known risky servers, proceed with caution.
Lastly, don’t forget to check up on your computer even during holidays. Remember, holidays, though preferred, aren’t the only time for ransomware attacks. So make sure to keep your digital life as safe and protected as your personal life!