The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation today published a cybersecurity advisory warning organizations to remain vigilant to ransomware threats.

The warning expressly referred to Labor Day, which is Sept. 6 in the U.S. The advisory noted that ransomware attacks increasingly occur on holidays and weekends when offices are typically closed.

Both CISA and FBI said they do not currently have specific information regarding cyber threats coinciding with upcoming holidays and weekends. But cybercriminals may view both, mainly holiday weekends, as an attractive time to target potential victims.

Previous ransomware attacks include the food and agricultural sector being targeted by the REvil/Sodinokibi over the Memorial Day long weekend. That reference is to the attack on JBS S.A., the world’s largest meat processing company that was hit by a ransomware attack on June 1. The company subsequently paid $11 million to the ransomware gang to settle the matter.

The advisory notes that from January to July 31, IC3 has received 2,084 ransomware complaints with over $16.8 million in losses, up 62% over the same half of 2020. Notable ransomware gangs named include Conti, PYSA, LockBit, RanomEXX/Defray777, Zeppelin and Crysis/Dharam/Phobos.

“Unfortunately, it’s all too common that the majority of these attacks happen during the holidays because foreign malicious actors typically perceive that IT and security teams at a target organization are either out-of-office or significantly pared down,” Bill O’Neill, vice president of public sector at cloud identity security solutions provider ThycoticCentrify, told SiliconANGLE. “This often leads to a delayed response or an unprepped ‘skeleton crew’ that simply doesn’t have the resources to simultaneously monitor for and deter threats fast enough.”

Jake Williams, co-founder and chief technology officer at incident response company BreachQuest Inc., also noted that “while CISA and FBI have no specific credible information that there will be significantly more ransomware deployments over the holiday weekend, there is a history of threat actors capitalizing on lower staffing levels to perform intrusions.”

That was backed up by Hank Schless, senior manager of security solutions at cloud security company Lookout Inc.

“IT and security teams are some of the hardest-working individuals in any organization, which means they deserve some R&R over long weekends,” Schless said. “However, this means that there are going to be fewer people on call who can immediately respond to security alerts. People also may be traveling and not able to access their work computer or mobile device in order to help stop an attack once they receive an alert of suspicious activity.”

Image: CISA