Jump to content
The Wifcon Forums and Blogs

  • entries
    369
  • comments
    8
  • views
    16,327

Client Alert-Labor Day Ransomware Threat


Centre Law & Consulting

35 views

 Share

GovCon Legal Alerts

Client Alert-Labor Day Ransomware Threat

By: Brandon Graves, Partner, Centre Law & Consulting

Share on facebook
Share on twitter
Share on linkedin

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory concerning an elevated threat of ransomware attacks over the holiday weekend. 

Neither agency has identified a specific threat but base their warning on historic spikes in ransomware activity over recent holiday weekends.  Commodity ransomware is a threat to all businesses regardless of size due to its low cost to deploy, resulting in a “spray and pray” method of malware distribution.  Clients with high revenue or sensitive data are at risk of more targeted threats.

Modern ransomware facilitates blackmail in two ways: 

  1. it encrypts important data and/or systems to that organizations can’t function.
  2. it exfiltrates data that the criminals can threaten to release that data if they aren’t paid. 

This means that effective offline backups are no longer sufficient to address the risks caused by ransomware.

Clients should take several steps to prepare for the immediate threat.  First, they should ensure that their cybersecurity tools have the indicators of compromise for the malware listed in the advisory loaded.  Second, they should make sure that those tools have proper visibility across the organization’s network.  Third, all software should be fully patched and updated.  Clients should consider advising employees to be especially careful around suspicious emails.  Some clients may turn off non-essential services over the holiday weekend, such as RDP.  Validating back-ups is another important consideration.

These steps may reduce the risk for this holiday weekend.  Clients should take additional steps to address ransomware more broadly.  These steps include developing and testing incident response plans, disaster recovery plans, and business continuity plans.  Clients should also take steps to improve their basic cybersecurity posture, including eliminating unneeded software and services, scanning their networks for vulnerabilities, implementing vendor risk management, and increasing employee training.  Multi-factor authentication is another critical tool in addressing ransomware, although it is not a magic bullet.  Other actions may be advisable depending on a client’s specific circumstances.

If you have questions or concerns about ransomware or cybersecurity more generally, we can help you manage your risks and exposure.  If you suffer a ransomware incident this weekend, or anytime, we are available to assist you.

GSA-ALERT-GRAPHIC-5.png

Stay in the know. Get industry alerts from our legal team.

Read More Alerts

Client Alert-Labor Day Ransomware Threat

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory concerning an elevated threat of ransomware attacks over the holiday weekend. 

Neither agency has identified a specific threat but base their warning on historic spikes in ransomware activity over recent holiday weekends. 

Read More »

The Importance of Patch Updates and Validation

The release of software patches, even ones patching actively exploited vulnerabilities, is, unfortunately, not news.  But we wanted to take this opportunity to remind our clients about some legal issues related to patching.

Read More »

Vaccines for Federal Contractor Employees – Not Required, But Certainly Encouraged

In general, the new safety plans will split government employees, on-site contractors, and visitors into two groups – (1) the fully vaccinated and (2) those not vaccinated or those who refuse to provide proof of vaccination. Unsurprisingly, things are much harder for the second group:

Read More »

Interested in Connecting with our Legal Team?

The post Client Alert-Labor Day Ransomware Threat appeared first on Centre Law & Consulting.

View the full article

 Share

0 Comments


Recommended Comments

There are no comments to display.

Guest
Add a comment...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...