Ransomware Attackers Don’t Take Holidays

Cybereason today published results from a global study of organisations that had suffered a ransomware attack on a holiday or weekend. The study highlights an ongoing disconnect between the increased risk organisations face from ransomware attacks that occur on holidays and weekends and their readiness to handle them, as year-over-year, ransomware attacks during these times take longer to assess and resolve.

The higher assessment and remediation times stem from the fact that 44% of companies reduce security staffing on holidays and weekends by as much as 70% from weekday levels. Shockingly, 20% of companies cut security staffing by 90% from weekday levels. Conversely, only 7% of companies are at least 80% staffed on holidays and weekends.

Titled Organisations at Risk: Ransomware Attackers Don’t Take Holidays, the study of 1,203 cybersecurity professionals, across 8 countries including the United Arab Emirates (UAE), found that holiday and weekend ransomware attacks result in greater revenue losses than ransomware attacks on weekdays. One-third of respondents said their organisation lost more money from a holiday/weekend ransomware attack, up from 13% of respondents in the 2021 study. In the education and transportation industries, the number of respondents reporting higher revenue losses jumped to 43% and 48%, respectively.

“Ransomware actors tend to strike on holidays and weekends because they know companies’ human defenses often aren’t as robust at those times. It allows them to evade detection, do more damage, and steal more data as security teams scramble to mobilise a response. Cybereason found that risk assessment is slower, it takes companies longer to assemble the team to fight the initial attack, which leads to slower remediation and recovery times,” said Lior Div, Cybereason CEO and Co-founder.

Financial losses aren’t the only thing businesses are concerned with when it comes to holiday and weekend ransomware attacks. In fact, ransomware attacks disrupt the lives of the security professionals defending businesses with 88% of respondents missing a holiday or weekend celebration due to a ransomware attack. These numbers were higher in the financial services industry, where more than 90% of respondents said they had missed out on time with family.

“Disrupting cybersecurity professionals’ well-earned downtime and interfering with their personal lives takes a toll on their wellbeing, leads to burnout and causes some people to leave the field altogether. The overall success cyber criminals have attacking on holidays and weekends leads to them more aggressively targeting companies during these times as a way to further fuel their criminal empires,” added Div.

Ransomware is preventable and many companies offer endpoint detection & response technologies that will stop the scourge. Implementing a security awareness program for employees and ensuring operating systems and other software are regularly updated and patched are steps in the right direction. In addition, organisations should ensure clear isolation practices are in place to stop any further ingress on the network or spreading of the ransomware to other devices. They should also evaluate locking-down of critical accounts when possible. The path attackers often take in propagating ransomware across a network is to escalate privileges to the admin domain-level and then deploy the ransomware.