“While we are not currently aware of a specific threat, we know that threat actors don’t take holidays,” CISA Director Jen Easterly said in a statement. “We urge all organizations to remain vigilant and report any cyber incidents to CISA or FBI.”
Ransomware gangs like to strike on the weekend or during holidays, when organizations are short-staffed and potentially off-guard. In one incident over the Fourth of July weekend, a criminal hacker breached Kaseya, a major US IT supplier, in a ransomware attack that affected up to 1,500 businesses around the world.
“[R]ecent 2021 trends show malicious cyber actors launching serious and impactful ransomware attacks during holidays and weekends, including Independence Day and Mother’s Day weekend,” CISA and the FBI said.
A study by security firm Cybereason of more than 1,200 security professionals working at organizations that have suffered a ransomware attack found that nearly a quarter of those surveyed still do not have specific contingency plans for dealing with ransomware attacks over holiday periods.
Other types of hacks have rattled US businesses during Thanksgivings past. Sony Pictures Entertainment discovered the week of Thanksgiving, in 2014, that hackers had stolen reams of data from the film studio and destroyed some company computers in the process. US officials later blamed North Korean hackers for the cyberattack.
