US Warns Ransomware Threats during Holidays – Whoops! Too Late

If you are reading about potential ransomware threats during the holidays, just know it is too late. By the time you get a call waking you up over the Labor Day break, it is already too late to stop the ransomware threat.

People forget that ransomware is the monetization of a network break-in. The THREAT is NOT RANSOMWARE. The threat is the miscreants who are already inside your network, who have mapped out all the resources in your network, and who have then picked the core data they can most easily hold hostage to get you to pay. A ransom demand is the visible indicator of a more significant compromise. You can be assured that persistent intruders, behaving like an Advanced Persistent Threat (APT), are inside your network and have been for some time.

Prepare your Emergency Contact List for Everyone!

So if you are reading this before the holiday, get a list of all your key people’s phone numbers and personal email addresses (along with the corporate emails), and share that list with everyone. Have your PR person on that list. Keep copies of the list outside the corporate systems (printed, or on people’s phones), because it will be critical if you are unfortunate enough to receive a ransom threat over the holiday. Ransomware miscreants can make mistakes and lock you out of your network, preventing you from acting against the ransomware (or locking you out can be intentional, to cause more anxiety). If the only copy of the contact list sits on a locked-up file server, you have no way to reach people.

What can you do to Prepare for Potential Holiday Threats?

Luckily you don’t need to hire “security gurus” to help your organization prepare for a potential holiday threat. US CISA’s Alert (AA21-243A) – Ransomware Awareness for Holidays and Weekends is a massive list of suggestions, guides, resources, and common sense “checks” to look for threat actors inside your network before the holiday. In addition, sign up for Shadowserver’s Daily Network Report. Shadowserver provides the Daily Reports as a public benefit for all networks; you register as the owner of your ASN or address ranges and receive reports only for those ranges. The report gives you an outside-in scan, reporting the exposures miscreants will use to break into your network. For example, the CISA holiday warning points out the Remote Desktop Protocol (RDP) risk. Exposed RDP is one of the common entry points ransomware crews use to break into networks. Shadowserver scans your network for exposed RDP and gives you a daily report (see the Accessible RDP Report). But the fundamental principle for preparing for a holiday threat is to be proactive. For that, we need a new habit.

Breathing Space for Security Before the Holiday

The #1 EXECUTIVE DECISION leaders can make to minimize the risk of a holiday ransomware surprise is to give the team time. Time before the holidays to prepare the network, test the backups, review the data, do the threat hunting, and prepare the organization in case there is a ransomware incident. When we look at all the ransomware incidents in 2021 and talk to the people responsible for security, the #1 theme I hear from them is “we had no time to get things ready.”

Information is Beautiful maintains a chart of Ransomware Attacks, a data visualization of recent and notable ~200 ransomware attacks.

Some people think costly security solutions and expensive “security smarts” protect organizations from security threats. The reality is much cheaper. Clearing the path for the existing teams to use the resources provided by multiple organizations and do the basics is more impactful than an expensive “security solution.” For example, look at CISA’s highlights for immediate action:

Immediate Actions You Can Take Now to Protect Against Ransomware

• Make an offline backup of your data.

• Do not click on suspicious links.

• If you use RDP, secure and monitor it.

• Update your OS and software.

• Use strong passwords.

• Use multi-factor authentication.

None of these immediate actions are difficult. They are not complicated. But they all need time.
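The “secure and monitor RDP” item above and the Shadowserver Accessible RDP Report mentioned earlier both come down to one outside-in question: which addresses in your ranges accept an RDP connection from the Internet? The script below is an added example written for this page; it is not code from Senki, CISA, or Shadowserver. It sends the minimal X.224 Connection Request that an RDP client opens with (the same probe Shadowserver-style scanners use) and classifies each host as speaking RDP, open-but-not-RDP, or closed. The range 192.0.2.0/30 in the demo is documentation space, and the local listeners are constructed stand-ins so it runs offline; only scan address space you own, ideally from a host outside your perimeter, and compare the result against what your firewall policy says should be reachable.

```python
"""Outside-in check for exposed RDP on your own address space.

Added example for this page (not Senki's, CISA's or Shadowserver's code).
Run as:  python rdp_check.py 203.0.113.0/24 198.51.100.0/24
Run with no arguments to exercise the constructed local demo.
"""
import socket
import sys
import threading
from concurrent.futures import ThreadPoolExecutor
from ipaddress import ip_network

RDP_PORT = 3389
# TPKT header (length 11) + X.224 Connection Request TPDU (code 0xE0), no RDP
# negotiation payload. This is the first thing any RDP client sends.
X224_CONNECT_REQ = bytes.fromhex("0300000b06e00000000000")
# Constructed reply used only by the local demo listener: TPKT + X.224
# Connection Confirm TPDU (code 0xD0). A real RDP service answers in this shape.
X224_CONNECT_CONFIRM = bytes.fromhex("0300000b06d00000123400")


def probe_rdp(host, port=RDP_PORT, timeout=2.0):
    """Return 'rdp' if the peer answers with an X.224 Connection Confirm,
    'open' if TCP connects but the peer is silent, closes, or speaks something
    else, and 'closed' if the TCP connection fails."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            s.sendall(X224_CONNECT_REQ)
            try:
                data = s.recv(64)
            except socket.timeout:
                return "open"
    except OSError:
        return "closed"
    # TPKT version byte 0x03 and X.224 TPDU code 0xD0 (Connection Confirm).
    if len(data) >= 6 and data[0] == 0x03 and data[5] == 0xD0:
        return "rdp"
    return "open"


def expand_ranges(cidrs):
    """Turn CIDR strings into the list of usable host addresses to probe."""
    return [str(ip) for cidr in cidrs
            for ip in ip_network(cidr, strict=False).hosts()]


def scan_hosts(hosts, port=RDP_PORT, workers=64, timeout=2.0):
    """Probe every host concurrently; return {host: state} for non-closed ports.
    Anything reported as 'rdp' is Internet-reachable RDP and needs explaining."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda h: (h, probe_rdp(h, port, timeout)), hosts)
    return {h: state for h, state in results if state != "closed"}


def start_fake_listener(reply):
    """Constructed local peer for offline demonstration (not a real RDP
    service): accepts one connection, reads the request, answers `reply`
    (or just closes when reply is None). Returns the bound port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(64)
            if reply:
                conn.sendall(reply)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    if sys.argv[1:]:
        for host, state in sorted(scan_hosts(expand_ranges(sys.argv[1:])).items()):
            print(f"{host}\t{state}")
    else:
        # Offline demo against constructed listeners on localhost.
        rdp_like = start_fake_listener(X224_CONNECT_CONFIRM)
        other = start_fake_listener(None)
        print("rdp-like listener:", probe_rdp("127.0.0.1", rdp_like))   # rdp
        print("non-RDP listener: ", probe_rdp("127.0.0.1", other))      # open
        print("documentation range expands to:", expand_ranges(["192.0.2.0/30"]))
```

Treat any host reported as “rdp” the way the CISA list treats RDP: either it is deliberately exposed and behind MFA and monitoring, or it is a finding to close before the holiday. Re-run the check after the change; a finding that is still reachable from outside is exactly what the Shadowserver report will keep showing you every morning.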

Why is the Ransomware Crew Waiting for the Holidays?

The ransomware miscreant’s goal is not to cause damage to your network. Their goal is to MAKE MONEY! They know the biggest obstacle to a payout is getting the attention of the people who can authorize it. What better way to get that attention than a major ransomware incident over the holidays? What better way to cause massive disruption, where people “just make it go away,” than recalling staff from holiday? So, once the miscreants are inside your network, they will prepare, watch for the next time the organization is taking a holiday, and time the detonation for maximum alarm.

Holidays are good “events” for capturing “motivating attention.” But this is not the end. Ransomware crews will learn. We will soon see it get worse. Think of a ransomware threat the day before the quarterly earnings report. What do you tell your shareholders or the public when your company is in the news for a ransomware incident at the same time you are announcing the financial results?

How do you minimize the risk of a ransomware incident before a quarterly report? Same advice, be proactive by giving your existing team time to take care of all the security essentials.


Q. As a leader, are you clearing the path to give your team the time to get the Immediate Action Security Checklist completed before the holidays?

If not, then prepare that emergency contact checklist.


Are you looking for more practical, low-cost security advice?

If you find your organization needs help and you worry about the FUD from the industry, reach out and ask for help. You can reach me at bgreene@senki.org. The materials and guides posted on www.senki.org are designed to help organizations leverage the talent around them to get started with their security activities. Start with the Operator’s Security Toolkit and Meaningful Security Conversations with your Vendors. Each is no-nonsense security for all Operators, with details to help them build more security-resilient networks. In the meantime, stay connected to the Senki Community to get updates on new empowerment and security insights. You can sign up to the mailing list for updates here: Stay Connected with Senki’s Updates.