Ransomware groups, in particular, are keen to strike during the holiday season. Last year, DarkSide struck Colonial Pipeline Company on Mother’s Day; REvil struck JBS Foods on Memorial Day; and REvil struck IT management company Kaseya over the Fourth of July. This year, there is no sign that the ransomware threat is going anywhere.
Earlier this month, the U.S. Department of Health and Human Services (HHS) issued a warning that attacks using Royal; a new strain of ransomware, were on the rise. Since September, the Royal ransomware group has significantly ramped up their operations. In November, Royal took England’s most popular racing circuit, Silverstone Circuit, offline. In December, Royal compromised the Travis Central Appraisal District, a property appraisal service, shutting down the company’s email, website, and servers for more than two weeks. Due to historic use of ransomware against the health sector, HHS warned that Royal should be considered a direct threat to the health and public health sectors.
Organizations can guard against attacks during the holidays by educating employees about the increased risks and reminding workers of company policies on cyber hygiene and protocols for reporting suspicious emails or other suspect activity.
Preventative measures include:
- Confirm that all software updates and patches have been applied and Safe Links is enabled for all Microsoft products before IT professionals take time off for the holidays.
- Lockdown privileged accounts.
- Review incident response and contingency plans to verify they are up-to date.
- Include contact information for legal counsel, any cybersecurity vendors on retainer, and insurers or brokers in the response plan.
- Ensure key employees with roles in incident response and/or emergency operations have a copy of the incident response and contingency plans readily accessible during the holidays if a cyber incident occurs. Remember that if an incident does occur, electronic copies of incident response plans and contact information for key stakeholders may not be accessible. Have a paper copy handy.