CISA, FBI Warn of Increase in Ransomware Attacks on Holidays

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning that ransomware actors are deliberately launching attacks during the holidays and weekends.

In a joint alert, the two agencies note that previous U.S. holidays such as the Fourth of July weekend in 2021 were marked by an increase in cyber-incidents involving ransomware.

They also note that they currently have no indication that a cyberattack will occur over the upcoming Labor Day holiday, but encourage organizations to review their cybersecurity posture and apply recommended best practices to ensure they are protected.

“However, the FBI and CISA are sharing […] information to provide awareness to be especially diligent in your network defense practices in the run up to holidays and weekends, based on recent actor tactics, techniques, and procedures (TTPs) and cyberattacks over holidays and weekends during the past few months,” according to the advisory.

Cybercriminals, CISA and the FBI note, may choose to launch a ransomware attack during a holiday or a weekend because it gives them a head start for network exploitation and the propagation of ransomware, given that network defenders and IT support at the victim organization are at limited capacity.

Some of the previously observed attacks that employed this tactic included the DarkSide ransomware attack on Colonial Pipeline, and the Sodinokibi/REvil ransomware attacks on meat-packing giant JBS USA and IT management software maker Kaseya.

In 2020, the FBI’s Internet Crime Complaint Center (IC3) received 791,790 complaints for all types of internet crimes, with reported losses exceeding $4.1 billion. A total of 2,474 ransomware incidents were reported in 2020.

Between January and July 31, 2021, the IC3 received a total of 2,084 ransomware complaints, with the reported losses exceeding $16.8 million. The ransomware variants more frequently reported over the past month were Conti, PYSA, LockBit, RansomEXX/Defray777, Zeppelin, and Crysis/Dharma/Phobos, the FBI says.

“Cyber criminals have increasingly targeted large, lucrative organizations and providers of critical services with the expectation of higher value ransoms and increased likelihood of payments. Cyber criminals have also increasingly coupled initial encryption of data with a secondary form of extortion, in which they threaten to publicly name affected victims and release sensitive or proprietary data exfiltrated before encryption, to further encourage payment of ransom,” the CISA/FBI alert reads.

The agencies also note that phishing and brute-force attacks on unsecured Remote Desktop Protocol (RDP) remain the most commonly used infection techniques employed by ransomware operators, and recommend that organizations “engage in preemptive threat hunting on their networks” to make sure they can prevent attacks before they occur.

CISA and the FBI also encourage organizations to review and apply the ransomware prevention best practices and strongly advise against paying a ransom.

Written by Ionut Arghire, an international correspondent for SecurityWeek.
