The Nightmare Before Christmas: Ransomware Attacks

As we deck the halls and jingle our bells, it’s crucial to remember that the festive season often brings a flurry of cyber threats, transforming our merry-making into a digital winter wonderland where caution and preparedness are key to keeping the holiday cheer safe and secure. Hackers and threat actors are more active than ever this time of year, given that many organizations are closed, or staff is on vacation. You’re more likely to be the victim of phishing, ransomware attacks, or a breach during the holiday season.

Having a multi-layered approach to security is one of the best ways to minimize your risk of a breach or attack or, in many cases, quickly recover from one. Here are some recommendations on how to reduce risk this holiday season. 

  1. Beware of phishing links. This is one of the easiest and most common ways threat actors invade your environment. One click is all it can take for your environment to be overtaken, even without your knowledge. Conducting periodic security awareness training and phishing tests throughout the year can help your staff be skeptical about clicking on links. Some best practices for avoiding phishing include:
    1. Examine the email address from which the link is coming. You can usually tell if it’s fake by searching for the domain, or even the entire email address, in any search engine or VirusTotal.
    2. Hover over the link before you click. If the site address looks suspicious, don’t click on it.
    3. Pay attention to the language used in the email. If it doesn’t sound the way the person it’s allegedly coming from usually talks, don’t click the link.
    4. When in doubt, forward the email to your IT team for investigation. Phishing emails are constantly increasing in sophistication, so better safe than sorry. 
  2. Evaluate your Incident Response Plan (IRP) or Disaster Response Plan (DRP) with tabletop testing. Tabletop testing can validate your IRP/DRP documents to identify their strengths and weaknesses BEFORE an incident occurs. Tabletop testing can facilitate open discussions with your team while improving your plans, procedures, and playbooks. 
  3. Identify key Incident Response staff who will be on-call. Incidents are most likely to occur after hours when you’re sound asleep. It’s essential to have on-call resources who are able to detect and respond to any adversaries attempting to infiltrate your environment. A SIEM SOC solution is practical, as it can provide 24/7 incident response at a fraction of the cost of hiring an entire team.
  4. Test your existing backups. We’ve said it many times: a good backup is one of the three things that can help your organization quickly recover from a breach. Now is a good time to start if you haven’t been testing your backups regularly. There’s nothing worse than determining you don’t have a good backup when you need it most.
  5. Block and/or restrict Remote Desktop Protocol. If an adversary has access to your network and RDP is enabled, you’ve now given them access to any device in your network. AlphV/BlackCat is the most recent attack we’ve seen that is compromising users and wreaking havoc on systems. 
  6. Review access to Administrator account privileges. Ensure that only those who genuinely need Admin access have it, and that anyone who leaves your organization is removed from all access when they leave.

The above guidance is relevant all year, not just for the holidays. Contact us today for more information on how Tego can help your organization reduce risk.

About the author
Jennifer Vosburgh is a seasoned Marketing and Communications professional. With over 15 years of experience, she has a strong background in Marketing, Communications, and Event Management. As Vice President of Tego Data Systems in Raleigh, NC, Jennifer is responsible for delivering full-scale Marketing Campaigns across all platforms including website, email, social media, events, and more.
