Holiday Season and Ransomware

As we head into the Holiday Season, Information Security workers typically see a dramatic increase in cyber malfeasance, including ransom attacks.

Ransomware is a lucrative industry for cybercriminals, and relatively easy to pull off. While past holiday follies included highly automated tools and scripts, we must consider ransomware tools are even available to less sophisticated hackers, many of whom are students returning home from the holidays.  

Ransomware events generally occur as a result of poor security practices and can be prevented. Ransomware can be delivered by email, credential stuffing, by drive-by downloads, and through lateral movement from previously infected systems and sleepers.

A few simple steps can help prevent most non-targeted infections:

1. Maintain offline non-automated backups of any critical systems or data storage. Offline backups are those that are manually created and stored in a separate location, i.e., external hard drives or other media, a manual copy made to a cloud storage provider. These offline backups allow you to restore from a clean copy of your data if/when needed.
2. Phishers will try to trick employees into installing malware. Provide awareness training and reminders as we head into the holiday period.
3. Keep antivirus and operating systems up to date. Microsoft Defender is free on Windows 10. Use it without hesitation.
4. Most new Unified Threat Management/Next-Generation Firewalls can kill connections before infection.
5. Global Guardian also recommends the use of a good anti-evasion application. These applications automatically kill any action that tries to evade antivirus.
6. SOC Operators should be especially vigilant.

Opportunistic ransomware events often occur in small and medium-sized businesses because they lack even foundational levels of security. Even one infection can cause a bad holiday period.

ABOUT GLOBAL GUARDIAN 

Global Guardian is a McLean, VA based global security firm that provides its clients with access to a comprehensive suite of security services. Its capabilities include personnel tracking supported by a dedicated 24-hour Operation Center, a full range of personnel-based security and executive protection services, medical support and transportation, travel intelligence and emergency response and evacuation services in over 100 countries. Global Guardian’s suite of risk mitigation services provides organizations with innovative and cost-effective solutions to help them protect their staff and business operations around the world.

Find out how our team can support your security needs. For assistance, call our 24/7 Operations Center at 703.566.9463 or click below.