"Feds Warn of Ransomware Attacks Ahead of Labor Day"

The FBI and CISA put out a joint cybersecurity advisory (PDF) Tuesday, noting that ransomware actors often ambush organizations on holidays and weekends when offices are typically closed, making the upcoming three-day weekend a prime opportunity for threat actors.  The agencies stated that they haven’t discovered “any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday," they are instead working on the idea that it is better to be safe than sorry given that some significant cyberattacks have occurred over holidays and weekends during the past few months.  Researchers at Cerberus Sentinel stated that attackers usually go after organizations when there are three-day weekends, mainly because the absence of crucial personnel makes it less likely that targeted organizations can quickly detect and contain attacks once launched.  The additional time gives attackers the ability to exfiltrate more sensitive data or lock up more computers with ransomware than they otherwise might have been able to.  The now-infamous Colonial Pipeline attack by now-defunct ransomware group DarkSide that crippled the oil pipeline on the East Coast for some weeks after occurred in the lead-up to Mother’s Day weekend, agencies observed.  Then later in May, over the Memorial Day weekend, the REvil ransomware group targeted the world’s largest meat distributor JBS Foods, forcing the shutdown of some operations in both the United States and Australia and causing disruption in the global food supply chain. Like DarkSide, REvil also has since closed up shop.  Another major ransomware attack by REvil occurred over the Fourth of July holiday weekend, this time exploiting zero-day vulnerabilities in the Kaseya Virtual System/Server Administrator (VSA) platform.  Though the two ransomware players who launched these previous attacks are now gone, there are still plenty who are active, federal agencies warned.  The FBI’s Internet Crime Complaint Center (IC3), which logs cyber incident complaints about various types of Internet crime, said attacks from the following ransomware variants have been the most frequently reported to the FBI over the last month: Conti, PYSA, LockBit, RansomEXX/Defray777, Zeppelin, and Crysis/Dharma/Phobos.

Threatpost reports: "Feds Warn of Ransomware Attacks Ahead of Labor Day"