CISA Warns About the Ransomware Risk During the Upcoming Labor Day Holiday

Published on September 1, 2021
Written by:
Bill Toulas
Infosec Writer

On Monday, September 6, 2021, the United States will celebrate Labor Day, the federal holiday that honors the workers’ movement and the laborers' contribution to the country's greatness. As with all holidays, agencies and organizations will be running on emergency personnel, which means understaffed IT teams. Ransomware actors see this as an excellent opportunity to launch attacks, and the latest alert from CISA (Cybersecurity and Infrastructure Security Agency) underlines that fact and warns about the risks.

While CISA and the FBI clarify that they don’t have any specific intelligence on an upcoming cyberattack during the Labor Day holiday, they consider one a very high possibility, based on the standard tactics and procedures actors have followed during other holidays and weekends over the past couple of months. The risk is heightened by the fact that Labor Day falls on a Monday, and during a period when a respectable number of people choose to take their vacation.

As such, everyone is urged to update their software tools and OS, scan their network for vulnerabilities, use MFA everywhere, implement network segmentation, make offline backups of important data, and develop an incident response plan, even if we’re only days away from the holiday. If something bad begins to unfold, the infected systems should be isolated, and all computers in the network should be turned off immediately.

Bill O’Neill, Vice President of Public Sector at ThycoticCentrify, told us:

It’s all too common that the majority of these attacks happen during the holidays, often leading to a delayed response from an unprepared ‘skeleton crew’ that simply doesn’t have the resources to simultaneously monitor for and deter threats. Of the threats that will be monitored, trigger automatic alerts, and enforce certain lockdowns, most will still require human action for mitigation and additional security controls. And because most organizations would prefer to have their data released immediately rather than wait out the duration of a holiday weekend (and incur continued reputational damage), they’re also more likely to negotiate with attackers and pay out the requested ransom to minimize long-term risks associated with these attacks.

Obviously, the solution can’t be to force all IT team members to give up Labor Day and work through it, but treating a ransomware attack as a certainty changes the defenders' stance. This is what CISA’s alert is going for, and it contains links to various resources and guides on how to properly shield systems against these actors.

Finally, it is important to note that many ransomware actors are present in a victim's systems long before they encrypt any files, so there are many groups out there that already have access to corporate networks and are just waiting for September 6 to initiate the encryption process. To figure out if you have an intrusion, check the logs for unusual network communications or increased CPU and disk activity.
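
One way to automate the log check described above is to compare holiday-window telemetry against each host's own baseline. This is an added example, not code from CISA's alert or from the article; the record layout, the sample values, and the thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample telemetry (not real data):
# (host, period, cpu_percent, disk_write_mb_s, outbound_destination)
SAMPLES = [
    ("fs01", "baseline", 12, 5, "10.0.0.5"),
    ("fs01", "baseline", 15, 6, "10.0.0.5"),
    ("fs01", "baseline", 11, 4, "10.0.0.9"),
    ("fs01", "holiday", 14, 5, "10.0.0.5"),
    ("fs01", "holiday", 96, 180, "203.0.113.7"),
    ("ws07", "baseline", 30, 10, "10.0.0.5"),
    ("ws07", "baseline", 35, 12, "10.0.0.5"),
    ("ws07", "holiday", 33, 11, "10.0.0.5"),
]

def threshold(values, sigmas=3.0, floor=5.0):
    """Baseline mean plus N standard deviations; the floor (an assumed value)
    keeps a very flat baseline from alerting on tiny changes."""
    return mean(values) + max(sigmas * pstdev(values), floor)

def find_anomalies(samples):
    """Return (host, reasons) for holiday samples that deviate from baseline."""
    base = defaultdict(lambda: {"cpu": [], "disk": [], "dests": set()})
    for host, period, cpu, disk, dest in samples:
        if period == "baseline":
            base[host]["cpu"].append(cpu)
            base[host]["disk"].append(disk)
            base[host]["dests"].add(dest)
    findings = []
    for host, period, cpu, disk, dest in samples:
        # Hosts with no baseline are skipped here; review those separately.
        if period != "holiday" or host not in base:
            continue
        b, reasons = base[host], []
        if cpu > threshold(b["cpu"]):
            reasons.append("cpu")
        if disk > threshold(b["disk"]):
            reasons.append("disk")
        if dest not in b["dests"]:
            reasons.append("new_destination")
        if reasons:
            findings.append((host, reasons))
    return findings

if __name__ == "__main__":
    for host, reasons in find_anomalies(SAMPLES):
        print(f"{host}: investigate ({', '.join(reasons)})")
```

A host that trips all three signals at once, as the constructed fs01 record does, is the strongest candidate for the isolation step mentioned earlier.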
