FBI warns of ransomware uptick ahead of Labor Day holiday

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert for consumers regarding an increase in ransomware attacks ahead of the upcoming Labor Day holiday. 

Both agencies say ransomware attacks commonly occur during most holidays, including the Fourth of July, and they want to make sure consumers are aware of the risks.

"Cyber actors have conducted increasingly impactful attacks against U.S. entities on or around holiday weekends over the last several months. The FBI and CISA do not currently have specific information regarding cyber threats coinciding with upcoming holidays and weekends," the agencies wrote in a press release issued on Aug. 31. 

The agencies say cyber criminals view holidays as "attractive time frames," ripe for targeting potential victims, including small and large businesses.

Heavy holiday traffic that distracts business owners appears to give criminals the perfect opportunity to send malware in order to take advantage of most consumers.

The FBI's Internet Crime Complaint Center (IC3), which provides the public with a source for reporting information on cyber threats, says it received 791,790 complaints for a variety of internet crimes.

These ransomware variants have been the most frequently reported to the FBI over the last month:

  • Conti
  • PYSA
  • LockBit
  • RansomEXX/Defray777
  • Zeppelin
  • Crysis/Dharma/Phobos

According to the agency, cyber criminals use these types of malware to exploit individuals or businesses by hacking sensitive information and extorting the victims in an attempt to get them to pay some form of ransom.

One tactic the FBI suggests consumers can use to fight potentially threatening malware is to look out for these red flags:

  • Unusual inbound and outbound network traffic
  • Compromise of administrator privileges or escalation of the permissions on an account
  • Theft of login and password credentials
  • Substantial increase in database read volume
  • Geographical irregularities in access and log in patterns
  • Attempted user activity during anomalous log in times
  • Attempts to access folders on a server that are not linked to the HTML within the pages of the webserver
  • Baseline deviations in the type of outbound encrypted traffic since advanced persistent threat actors frequently encrypt exfiltration

CISA says it also offers a range of no-cost "cyber hygiene services" that can be used to scan for ransomware and potential exposure to cyber threats.

Other strategies to fight ransomware are listed on the agency's website.