Ransomware Alert: Hackers Love a Long Weekend Too | ActZero

Written by Kristen Yang | Nov 8, 2022 5:00:00 AM

Ransomware is a vicious malware designed to deny users or organizations access to their systems. If successful, the threat actor demands a ransom, holding business assets hostage until fulfilled. The company receives a decryption key to regain access if they disburse payment.

The potential cost of a ransomware attack often extends beyond the ransom itself. Encrypted files are sometimes unusable and, if permanently locked, force companies to start from scratch. It is a harsh reality that while large corporations can usually recover from the downtime, Small and Mid-sized Businesses (SMBs) may not.

This post will discuss how long weekend cyber-attacks have evolved and provide data-backed recommendations on hardening your systems.

Let's get started.

What is a long weekend cyber-attack tactic?

Ransomware is proving to be the bane of our existence, affecting everyone from regular people to SMBs and large corporations.

Holidays and long weekends are a global treasure, often cherished for relaxation or getting our affairs in order. Unfortunately, cybercriminals have tagged this timeframe as a dead zone, capitalizing on this corporate downtime to execute devastating attacks for large-scale impact and high-value payouts. According to the Cybersecurity & Infrastructure Security Agency (CISA), cyber actors have conducted increasingly impactful attacks against U.S. entities on or around holiday weekends over the last several months.

For any organization, and especially those without advanced cybersecurity protections, limited capacity, i.e., skeletal staffing for an extended period, gives threat actors lead time: a window of opportunity in which ransomware can propagate.

Threat Landscape: Why this needs your attention

Malicious actors lie in wait for an opportunity to attack. These adversaries are so creative and single-minded that they adapt quickly to the latest vulnerabilities in your network. Are you ready for an attack? As evidenced in the news, unpreparedness on your part is costly. Download our whitepaper, Foundations for Incident Response Readiness, to get user-friendly, best-practice-informed templates for incident preparation, planning, and training.

Case Study: Recent long weekend ransomware attacks

Sadly, the interconnected ecosystem has become a breeding ground for chain attacks. A ransomware attack targeting an SMB partnered with critical infrastructure companies is often a means to an end. It is more likely that the hacker's goal is to attack critical infrastructure, e.g., healthcare, finance, food, and education, for widespread disruption that guarantees windfall gains.

The latest tactic in cyber criminals' arsenal is the long weekend attack, which has proved damaging and has established the need for robust security safeguards. Its alarming frequency is a repeated warning to businesses to implement good corporate-wide cyber hygiene.

Here are three headline-grabbing incidents that deserve mention:

Colonial Pipeline: Affiliate hackers of the cybercriminal syndicate DarkSide exploited a compromised account, infecting the network of one of the most significant and vital fuel pipelines in the U.S. This attack occurred in the days leading up to the Mother's Day weekend and led to shortages across the East Coast. CEO Joseph Blount cast the company as a victim of forces beyond its control but acknowledged that its network was breached through an account without multi-factor authentication, considered a basic tenet of corporate cybersecurity. See here for more.

JBS: The world's largest meat processing company found itself in a predicament when REvil, a ransomware-as-a-service (RaaS) cybercriminal group, hacked its computer network, halting operations in Australia, Canada, and the U.S. This attack caused a global disruption that threatened food shortages and inflated prices. The damage was compounded by the attack's timing, which coincided with the Memorial Day long weekend.

Kaseya: Over the Fourth of July weekend, the well-known ransomware group REvil launched a supply chain ransomware attack on Kaseya, an I.T. solutions provider for enterprises and Managed Service Providers (MSPs). At least 200 businesses were affected by a vulnerability in the VSA remote management service, which was exploited to distribute malware through a malware protection program.

These attacks illustrate how unrelenting threat actors can be and how far they will go to undermine ransomware protection. Ransomware attacks are rife and demand stalwart vigilance.

Below are twelve time-tested practices to harden your network and security systems.

12 Cybersecurity Tips and Best Practices for Your Business:

  1. Education! Awareness training for all employees is critical. This builds a culture of vigilance against social engineering tactics like phishing, which threat actors often use. To echo the words of Mike Alvarez, U.S. Secret Service network intrusion forensic analyst, on Ransomware: Government Strategy and Secret Service Tactics, a chain is only as strong as its weakest link.

  2. Identify and address the gaps in your safeguards as the first step in vulnerability management.

  3. Make patch management (identifying and adopting improvements, releasing software updates, and validating their installation) a corporate standard.

  4. Enable multi-factor authentication (MFA) to provide an additional layer of security.

  5. Enforce strong password policies. This looks like a randomized mix of ten or more characters, including letters (upper and lower), symbols, and numbers. Pro tip: Do not use short, easy-to-remember common words and personal information. Using your pet's name as a password, though cute, poses severe risks to your online security.

  6. Close all unnecessary and unused ports. Failure to do so leaves your router vulnerable to hackers.

  7. Back up your data and store it offline. Physical separation from your live environment fosters quicker recovery in the event of an attack. But also keep this in mind—if your data is inaccessible, it cannot be corrupted, taken hostage, or exfiltrated.

  8. Encrypt data at rest and in transit, and monitor it in both states.

  9. Apply the Principle of Least Privilege, also known as the zero-trust approach, under which access is granted only when it is needed to complete a required task.

  10. Deploy network segmentation. Taking the step to compartmentalize your network allows for methodical security management and ingrained compliance.

  11. Manage the Internet of Things (IoT) to circumvent potential security issues inherited from connected devices. For example, turn off all automatic connection services.

  12. Conduct ongoing, comprehensive audits of your network security.
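Tip 5 states a concrete password policy: ten or more characters, a mix of upper- and lower-case letters, digits and symbols, and no common words or personal information such as a pet's name. The following is an added example of how such a policy can be enforced in code; it is not ActZero's code or part of the original post. The common-word list and the personal-information tokens are constructed for this example, and a real deployment would load a large breached-password list and the user's own profile data instead.

```python
import re
import string

# Minimum length taken from tip 5 (ten or more characters).
MIN_LENGTH = 10

# Constructed sample list for this example. A real deployment would use a
# full breached-password or dictionary list rather than a handful of words.
COMMON_WORDS = ("password", "welcome", "qwerty", "letmein", "admin", "summer")


def _letters_only(text: str) -> str:
    """Lower-case the text and drop everything except a-z, so that
    'Fluffy2019!' still matches the pet name 'fluffy'."""
    return re.sub(r"[^a-z]", "", text.lower())


def policy_violations(password: str, personal_info=()) -> list:
    """Return the list of policy rules the password breaks.

    An empty list means the password complies with the policy in tip 5.
    personal_info is an iterable of strings the user must not reuse
    (pet name, birth year, employer name, ...); it is supplied by the caller.
    """
    problems = []

    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")

    lowered = password.lower()
    for word in COMMON_WORDS:
        if word in lowered:
            problems.append(f"contains common word '{word}'")

    stripped = _letters_only(password)
    for item in personal_info:
        token = _letters_only(item)
        # Ignore tokens too short to be meaningful (e.g. initials).
        if len(token) >= 3 and token in stripped:
            problems.append(f"contains personal information '{item}'")

    return problems


def is_compliant(password: str, personal_info=()) -> bool:
    """True when the password passes every rule of the policy."""
    return not policy_violations(password, personal_info)


if __name__ == "__main__":
    # Constructed sample inputs: a pet-name password versus a random mix.
    for candidate in ("Fluffy2019!", "Password1!", "Tr0ub4dor&3xYz"):
        print(candidate, "->", policy_violations(candidate, personal_info=["Fluffy"]) or "OK")
```

The personal-information check strips digits and symbols before comparing, because appending a year and an exclamation mark to a pet's name is exactly the pattern the tip warns against; the common-word check compares against the raw lower-cased password so that "Password1!" is still rejected even though it meets the length and character-class rules.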

Conclusion

Ransomware is a spiraling threat. Thus, the fight to protect your assets never ends. Adopting proactive defense strategies elevates your company's security posture. I recommend establishing Cybersecurity Key Performance Indicators (KPIs) to help guide security improvement initiatives and a personalized action plan for ransomware mitigation, response, and recovery. Download Ransomware Taskforce: Blueprint for Ransomware Defense for a clear and actionable framework.

The ransomware epidemic is a vicious cycle that does not clock off. Neither should you. ActZero's machine learning (ML)-enabled managed detection response service (MDR) is a 24/7 ransomware defense you can measure and trust. Invest with resilience in mind. Book a demo today to see ActZero MDR in action.