Feds Warned to Look Out For Ransomware Grinches over the Holidays

Over the Thanksgiving holiday, my good friend Michael Bechetti texted me a funny little .gif cartoon where a turkey was talking with the Grinch—you know, the green guy who stars in the classic How the Grinch Stole Christmas movie, song, cartoon and Dr. Seuss story. In that little funny picture, the turkey had collected some money from his feathered friends and was trying to hire the Grinch to steal Thanksgiving. From the expression on his furry face, I don’t think the Grinch was interested.

At about the same time, I got a notice about a joint alert from CISA and the FBI warning that ransomware criminals were ramping up their campaigns over the holidays, and were also expected to target federal agencies and critical infrastructure alongside just about everyone else on the planet.

The holiday for me was a good one, and I got some much needed downtime, plus some time with my family. In fact, I settled into a holiday mindset surprisingly quickly this year. I guess I needed the break. The only thing is that the CISA warning kind of stuck in my head, because as nice as the holiday time is for most of us, it’s easy to forget that criminals don’t see the world in the same way. In fact, many likely see the holidays as an opportunity to strike while our collective guard is down. The warning made that point perfectly clear.

“As Americans prepare to hit the highways and airports this Thanksgiving holiday, CISA and the Federal Bureau of Investigation are reminding critical infrastructure partners that malicious cyber actors aren’t making the same holiday plans as you,” the warning states. “Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses and critical infrastructure.”

The warning stresses that there are no active threats at this time, but given the pattern of attacks over the holidays, especially on weekends or at night when people are likely away from their offices, that it’s smart to be especially vigilant. Because even though the Grinch’s heart grew three sizes as he reformed and became a good guy, there is little reason to believe that ransomware criminals will follow suit.

The warning provides some good advice to take in order to keep agencies, critical infrastructure providers and businesses safe during this otherwise joyous time.

That advice includes:

• Identifying IT and security employees who would be available to work over the weekends and holidays to respond to incidents and guard against ransomware attacks.

• Implementing multi-factor authentication for all remote access and administrative accounts.

• Mandating strong passwords and ensuring they are not reused across multiple accounts.

• If an organization uses remote desktop protocol (RDP) or any other potentially risky service, make sure that it is secure and monitored.

• Remind employees not to click on suspicious links, especially as phishing and other attacks ramp up during the holidays, and consider conducting exercises to raise awareness about these threats.

I believe this is the first year that CISA and the FBI have specifically sent out a warning about cybersecurity over the holiday season, but the situation is such that it is surely warranted now. The year-end security report from Atlas VPN reads almost like a horror novel.

According to the report, there were 107.28 million new threats identified for Windows operating systems in 2021, an increase of 18% or 16.53 million from last year, and that is without even including December in the totals. That means that criminals have been busy, creating about 328,000 new malware samples every single say throughout 2021. It seems like they are the ones who might need a break over the holidays, but you can bet they won’t take one.

It’s sad that we have to think about things like this, especially during an otherwise happy or festive time. But just like keeping your eyes peeled while walking through a dark parking lot or holding your wallet or purse close when out in public, so too must we now remain vigilant in cyberspace. Yes, even during the holidays.

Kudos to those IT workers who will be tapped to keep federal networks and critical infrastructure safe over the holiday season. Your role is absolutely critical this year, and we appreciate your service.

John Breeden II is an award-winning journalist and reviewer with over 20 years of experience covering technology. He is the CEO of the Tech Writers Bureau, a group that creates technological thought leadership content for organizations of all sizes. Twitter: @LabGuys