Highly advised to inoculate your users by raising their awareness level. Do not click on suspicious links, and conduct exercises to raise awareness, among other mitigations.
CISA AND FBI URGE ORGANIZATIONS TO REMAIN VIGILANT TO RANSOMWARE AND CYBER THREATS THIS HOLIDAY SEASON
WASHINGTON - The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a cybersecurity reminder for public and private sector organizations to remain vigilant and take appropriate precautions to reduce their risk to ransomware and other cyberattacks leading up to and during the holiday season. This advisory is based on observations on the timing of high impact ransomware attacks that have occurred previously rather than a reaction to specific threat reporting. Specifically, malicious cyber actors have often taken advantage of holidays and weekends to disrupt critical networks and systems belonging to organizations, businesses, and critical infrastructure.
Among the mitigations described in the joint alert is the need for entities to identify IT security employees for weekends and holidays who would be available during these times in the event of a ransomware attack. Other best practice recommendations include:
- Implement multi-factor authentication for remote access and administrative accounts
- Mandate strong passwords and ensure they are not reused across multiple accounts
- If you use remote desktop protocol (RDP) or other potentially risky services, ensure it is secure and monitored
- Remind employees not to click on suspicious links, and conduct exercises to raise awareness
- Review and, if needed, update incident response and communication plans that list actions an organization will take if impacted by a ransomware incident