Why Ransomware Hackers Love a Holiday Weekend

On the Friday before Memorial Day weekend, the victim was JBS, a meat processing company. Then it was Kaseya, an IT management software company, along with over a thousand other businesses. While it remains to be seen if Labor Day will also see a ransomware crisis, one thing is certain: Hackers love holidays.
Really, ransomware hackers love regular weekends, too. But a long one, when everyone is out having fun with friends and family and studiously avoiding any office-related business? That is the best stuff. This trend is not new. However, the FBI and the Cybersecurity and Infrastructure Security Agency issued a joint warning this week that highlighted how grave the threat has become.

It is easy to see why attackers are attracted. Ransomware can take some time to spread throughout a network, as hackers work to escalate privileges and gain maximum control over all systems. The longer hackers take to get noticed, the more damage they can cause. According to Brett Callow, Emsisoft's threat analyst, ransomware is deployed by threat actors when there is less chance of people pulling the plug. There is less chance that the attack will be detected and stopped.

Even if the incident is caught quickly, many of those in charge are likely to be poolside or more difficult to reach than on a Tuesday afternoon. According to Katie Nickels (director of intelligence at security company Red Canary), it is intuitive that holiday-time defenders might be less attentive due to a decrease in staff. It may be harder for defenders and emergency responders to quickly respond to a major incident that occurs on a holiday.

These major incidents are what likely caught CISA's and the FBI's attention. In addition to the JBS and Kaseya incidents, the catastrophic Colonial Pipeline attack occurred over Mother's Day weekend. This was not a three-day weekend, but it was still timed to cause maximum inconvenience. Although the agencies reported no threat of a similar attack occurring over Labor Day weekend, it shouldn't come as a surprise if one did.

Ransomware is a constant threat. For every headline-grabbing oil shortage, there are many small businesses at any given time scrambling for bitcoin to pay cybercriminals. In 2020, victims reported 2,474 ransomware attacks to the FBI's Internet Crime Complaint Center. This is a 20% increase on the previous year. According to IC3 data, hacker demands tripled within the same timeframe. These attacks were not all focused on three-day weekends or Hallmark holidays.

Still, CISA and the FBI both acknowledge that the crooks are more likely to strike on weekends. Callow noted that submissions to ID Ransomware, security researcher Michael Gillespie's service that allows you to upload ransomed files or ransom notes to figure out what hit you, tend to spike on Mondays, when victims return to their offices to find their data encrypted.

Hackers can also use strategic timing to their advantage. Callow states that attacks on schools are less common in the summer and late spring because there is less urgency for recovery. When North Korea's Lazarus Group stole $81 million from Bangladesh Bank, they timed it to capitalize on differences between weekend schedules in the US and Bangladesh (in the latter, the weekend falls on Friday and Saturday) and on the Lunar New Year, a holiday that spans much of Asia.