For many, the summer months should be a time of peace: Maybe taking some vacation, maybe strolling across warm, soft sands as sapphire waves lap up against your feet, maybe even spending time with family (that you like).<\/p>\n
But for determined cybercriminals, these periods of near-universal rest and relaxation are actually moments of attack.<\/p>\n
In particular, ransomware gangs have shown a nasty habit of starting their attacks at the least convenient times: When computers are idle, when employees who might notice a problem are out of the office, and when the IT or security staff who might deal with it are shorthanded. <\/p>\n
Cybercriminals like to attack at night and at weekends, and they love holidays and special events. On the July 4 weekend in 2021, the REvil ransomware gang was likely hosting its own celebrations after pulling off an enormous supply-chain attack on Kaseya<\/a>, one of the biggest IT solutions providers in the US for managed service providers (MSPs). Threat actors used a Kaseya VSA auto-update to push ransomware into more than 1,000 businesses.<\/p>\n But it isn’t just holiday weekends that cybercriminals leverage for attacks. They can also likely predict when IT professionals go on vacation—the summer. <\/p>\n Ransomware works by encrypting huge numbers of files on as many of an organization’s computers as possible. Performing this kind of strong encryption is resource intensive and can take a long time, so even if an organization doesn’t spot the malware used in an attack, its tools might notice that something is amiss. <\/p>\n “You never think you’re gonna be hit by ransomware,” said Ski Kacoroski<\/a>, a system administrator with the Northshore School District in Washington state, speaking on Malwarebytes’ Lock & Code podcast. On the podcast, Kacoroski spoke about Northshore’s nighttime attack: <\/p>\n “It was an early Saturday morning. I got a text from my manager saying ‘something is up’…after a short while I realized that [a] server had been hit by ransomware. It took us several more hours before we realized exactly how much had been hit.”<\/p>\n<\/blockquote>\n Kacaroski added “We had some high CPU utilizations alert the night before when they started their attack, but most of us were already asleep by midnight.”<\/p>\n When REvil first attacked Kaseya in 2021, Malwarebytes Labs relied on the expertise of Adam Kujawa, a cybersecurity evangelist<\/a>, to understand what steps organizations should take to minimize the chance that a holiday weekend could be ruined by a cyberattack. That advice is still good today—including for any IT or security employee going on vacation—so we’re offering it again for readers. <\/p>\n When we asked Kacaroski why he came forward to tell his ransomware story when many others are reluctant to, he told us: “The only mistake in life is a lesson not learned.”<\/p>\n A lesson we can all learn here is that cybercriminals are not reluctant to ruin somebody’s vacation plans. So don’t wait for an attack to happen to your organization before you decide you need to be ready. Prepare now, and enjoy uninterrupted peace of mind during your vacation.<\/p>\n Ready to learn more about staying safe before heading out on vacation? Read more at our “Stay on Vacation” hub:<\/p>\n Stay on vacation<\/a><\/span><\/p>\n<\/p>\n https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Why out-of-office attacks work<\/b><\/h2>\n
\n
Be prepared<\/b> <\/b><\/h2>\n
Do these before<\/i> leaving for vacation<\/b> <\/h3>\n
\n
Schedule these during<\/i> vacation<\/b> <\/h3>\n
\n
“The only mistake in life is a lesson not learned”<\/b><\/h2>\n