Sep 06, 2021 10:58:00

Why are cybercriminal groups launching ransomware attacks over the weekend?

In recent years, cyber attacks by ransomware have become active, and

many companies and public institutions have been damaged. Meanwhile, it is reported that cybercriminal groups 'tend to carry out ransomware attacks on weekends.'

Why ransomware hackers love a holiday weekend | Ars Technica
https://arstechnica.com/information-technology/2021/09/why-ransomware-hackers-love-a-holiday-weekend/

The ransomware attack on Colonial Pipeline , the largest oil pipeline in the United States, which became a hot topic after the Byden administration declared a state of emergency , was carried out on Friday, May 7, 2021. In addition, JBS , the world's largest meat trader, was damaged by the ransomware attack on May 30, 2021 (Sunday), the day before the Memorial Day of the war dead. In addition, when the IT management service 'Kaseya' was attacked by ransomware on July 2, 2021 (Friday), 'In the United States, there are many people who shorten their working hours before holidays, so we will respond. It has been pointed out that ransomware attacks tend to occur on weekends, such as 'It seems that they aimed at the timing of delay.'

Large-scale ransomware attack targeting IT management service 'Kaseya' has indirect impact on many companies --GIGAZINE

According to Bled Callow, who is in charge of threat analysis at security company Emsisoft , damage reports to the ransomware attack damage reporting service ' ID Ransomware ' tend to increase sharply on Monday. 'Ransomware attacks can damage many parts of the network over time,' Callow said. 'In general, attackers aim for times when the staff they are attacking is not there.' This makes it less likely that an attack will be detected and interrupted prematurely. '

Katie Nickels, director of intelligence at security firm Red Canary , said, 'It makes sense that weekends can lead to fewer staff going to work and less attention to security. In the event of a serious weekend incident, staff shortages can make it difficult to respond quickly, 'he said, pointing out that attackers are aiming for a weekend when the attacked company's defenses are weakened. doing.

In the case of general American companies, weekends tend to be targeted, but according to Mr. Callow, many targets are targeted for the Chinese New Year period in Asia, and many long vacation periods are targeted at schools, which are relatively slow to respond. It is said that there is a tendency to aim for the optimum timing for attacks according to the region and characteristics of. In addition, since ransomware attacks have invaded the system many days before the attack is executed, measures such as 'strengthen countermeasures only when ransomware attacks are likely to occur' are meaningless, Mr. Callow points out. increase.

The Cybersecurity and Infrastructure Security Agency (CISA) of the United States Department of Homeland Security has released a free ransomware attack countermeasure evaluation tool for network settings and data backup to prevent damage from ransomware attacks. We are enlightening the importance.

I tried using the official government ransomware countermeasure tool that 'all organizations should do' --GIGAZINE