
Cybereason Government Inc. Issues Ransomware Holiday Warning

Nov 22, 2021

Cybereason, the leader in operation-centric attack protection, today issued a Ransomware Advisory, through its government subsidiary, Cybereason Government Inc, warning government agencies and all organizations about a possible surge in ransomware attacks during the holidays and weekends. Cybereason Government Inc briefed more than 20 officials from CISA, the FBI and U.S. Secret Service on its Advisory and its recent global ransomware study. 

The advisory is based on new research published this week. Cybereason published results from a global research study looking at organizations that have previously suffered a successful ransomware attack on a holiday or weekend. A key result highlights the disconnect between organizational risk and preparedness. The report, titled Organizations at Risk: Ransomware Attackers Don’t Take Holidays, found that the vast majority of security professionals expressed high concern about imminent ransomware attacks, yet nearly half felt they do not have the right tools in place to manage them.

“Cybereason Government Inc’s Holiday Ransomware Advisory was created to increase awareness and offer prescriptive advice and recommendations on how to address the ransomware risk and reduce the likelihood of successful ransomware attacks during the 2021 holiday season,” said Sam Curry, President of Cybereason Government Inc and Chief Security Officer, Cybereason. 

The report outlines recommendations for how to reduce the risk of a ransomware attack during the holiday season and weekends, including:

--Practicing good security hygiene like implementing a security awareness program for employees, assuring operating systems and other software are regularly updated and patched, and deploying best-in-class security solutions on the network.

--Assuring key players can be reached at any time of day as critical response actions can be delayed during weekend/holiday periods. Having clear on-call duty assignments for off-hours security incidents is crucial here.

--Conducting periodic table-top exercises and drills and including those beyond the security team like Legal, Human Resources, IT Support and all the way up to the Executive Suite is also key to running a smooth incident response.

--Ensuring clear isolation practices are in place to stop any further ingress on the network or spreading of the ransomware to other devices. Teams should be proficient at actions such as disconnecting a host, locking down a compromised account, and blocking a malicious domain. Testing these procedures with scheduled or unscheduled drills at least every quarter is recommended to make sure all personnel and procedures work as expected.

--Evaluating lock-down of critical accounts for the weekend/holiday when possible. The usual path attackers take in propagating ransomware across a network is to escalate privileges to the domain admin level and then deploy the ransomware. Those highest-privilege accounts are in many cases rarely required to be in use during weekend or holiday breaks. Teams should create highly secured, emergency-only accounts in Active Directory that are used only when other operational accounts are temporarily disabled as a precaution or are inaccessible during a ransomware attack.

--Deploying EDR on all endpoints. The quickest remedy to the ransomware scourge for public and private sector businesses is deploying EDR on endpoints according to Gartner’s Peter Firstbrook. Yet Firstbrook says that only 40 percent of endpoints have EDR.

For Help Evaluating Ransomware Risks, Contact:

CYBEREASON INCIDENT RESPONSE

Web: https://www.cybereason.com/services/incident-response

Phone: 855-695-8200


CISA

Email: central@cisa.gov

Phone: (888) 282-0870

Web: https://us-cert.cisa.gov

FBI

Email: CyWatch@fbi.gov

Phone: (855) 292-3937

Web: https://www.ic3.gov/

About Cybereason

Cybereason is the champion for today’s cyber defenders, providing operation-centric attack protection that unifies security from the endpoint, to the enterprise, to everywhere the battle moves. The Cybereason Defense Platform combines the industry’s top-rated AI-powered detection and response (EDR and XDR), next-gen antivirus (NGAV), Anti-Ransomware Protection and Proactive Threat Hunting to deliver context-rich analysis of every stage of a MalOp™ (malicious operation). Cybereason is a privately held, international company headquartered in Boston with customers in more than 40 countries.

Media Contact:

Bill Keeler

Senior Director, Global Public Relations

Cybereason

bill.keeler@cybereason.com

(929) 259-3261