October 23, 2021

Volume XI, Number 296

Advertisement
Advertisement

October 22, 2021

Subscribe to Latest Legal News and Analysis

October 21, 2021

Subscribe to Latest Legal News and Analysis
Advertisement

FBI Warning: Ransomware Attackers Don’t Take Holidays

There is a pattern here.   Long holiday weekends make for ransomware attacks and data breaches.   It is well-known that malicious actors take advantage of understaffed IT resources on holidays.  In fact, it’s become such a common occurrence, that the FBI and the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security have issued a joint advisory warning organizations to be on high alert as Labor Day weekend approaches.

Three major attacks in 2021 were conducted over holiday weekends:  Mother’s Day weekend saw the Colonial Pipeline ransomware attack; over Memorial Day weekend, hackers attacked the JBS SA meatpacking operations in the U.S., Canada, and Australia; and in the weekend leading up to the July 4th holiday, software vendor Kaseya suffered a massive attack that allowed malicious actors to launch ransomware attacks against some 1,500 businesses all over the world. 

The FBI/CISA joint advisory urges businesses to be “especially diligent in your network practices” as this weekend approaches.   The advisory also sets out precautionary measures that should be at the top of every list heading into the weekend, including the continuous and active monitoring for ransomware threats over the weekend and identifying IT security personnel to be “on call” in the event of a ransomware attack.   Some other takeaways:

  • Make an offline backup of data.

  • Do not click on suspicious links.

  • If you use potentially risky services – like Remote Desktop Protocol – secure and monitor logs and ensure that security features are enabled and properly configured.

  • Update your operating system and software and scan for vulnerabilities

  • Use strong passwords.

  • Use multi-factor authentication.

  • Secure your user accounts.

  • Have an incident response plan.

Don’t let the hackers have a holiday with your network and data.

©1994-2021 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.National Law Review, Volume XI, Number 245
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Cynthia Larose, Privacy, Security, Attorney, Mintz Levin, Law Firm, electronic transactions lawyer
Member / Chair, Privacy & Cybersecurity Practice

Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-...

617-348-1732
Advertisement
Advertisement
Advertisement