Wary Fishmas: Ransomware Attacks Ramp Up 30% for the Holidays

December 16, 2021

Cybercriminals love holidays too, especially holidays that involve large numbers of people being out of the office. It’s the perfect time for them to strike with impunity, knowing they’ll have advantages like less in-person monitoring and slower response times for defenders. Earlier this year, the US Cybersecurity & Infrastructure Security Agency (CISA), in concert with the US Federal Bureau of Investigation (FBI), released a warning that they’re reiterating now for businesses: “Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure.”




Cybercriminals Are Phishing for Holiday Gifts for Themselves


Phishing analysts have been sounding the alarm that phishing attacks increased precipitously in November and December, especially attacks against targets that enjoyed surges in business during the winter holiday season, like retailers and shippers. F5 reported that cybercriminals were busy trying to draw in holiday traffic. The number of unique domains used for fraudulent purposes increased by 157% in November, compared to the average for May and September. Cybercriminals also did some early holiday shopping at cryptocurrency exchanges, with a massive spike in phishing of almost 1800% when compared to previous months.

A recent global survey of IT professionals by FireEye shows that businesses are getting the message that holidays bring elevated website traffic and subsequent elevated cyberattack risk. When assessing cyber readiness for increased consumer demand of their company’s online resources, more than 85% of organizations surveyed said that they are anticipating a moderate-to-substantial increase in demand during the 2021 holiday season. Researchers also determined that over 80% of the organizations surveyed admitted to experiencing increased cyber threats and 79% experienced downtime in the wake of previous holiday-related cyberattacks.

Recent history bears that out. Some of the biggest cyberattacks of 2021 occurred over holiday weekends in the US, and that trend shows no sign of slowing down. Fewer people in the office, plus people distracted with holiday activities and vacations, give bad actors an edge when conducting sophisticated phishing and social engineering attacks that often carry ransomware in their wake. Research also supports that conclusion. Cybercrime researchers have uncovered a 30% increase in the average number of attempted ransomware attacks globally over the holiday season in every consecutive year from 2018 to 2020 compared to the monthly average.




Ransomware is an Unwelcome Holiday Party Guest


The winter holiday season is especially dangerous. Researchers also observed a 70% average increase in attempted ransomware attacks in November and December compared to January and February. Following a record number of ransomware attacks this year and soaring cybercrime rates, researchers warn that they expect the spike in holiday-timed ransomware attacks to be significantly higher over the 2021 holiday period. 

Ransomware has ballooned in 2021, consuming the tech headlines. In a 2021 FBI Internet Crime Complaint Center report, FBI analysts disclosed that from January to July, IC3 received more than 2,000 ransomware complaints with more than $16 million in losses, a 20% increase in reported losses compared to the same time in 2020. Every industry is a viable target for cybercrime, and businesses of every size are at risk. More than 50% of ransomware attacks hit companies with fewer than 100 employees.

Fraudulent websites are often used to spread malware like ransomware, and the proliferation of those sites is a key indicator that an increased risk of ransomware is in the forecast. The use of encrypted phishing sites has steadily increased and this year is no exception. At this time of year in 2020, 72% of fraudulent websites were encrypted and in 2021 that figure has increased to 81% of phishing sites. Employees shopping at work or shopping using work devices creates additional ransomware risk for businesses this time of year too. Cybercriminals know that seasonal trends in consumer behavior are ideal opportunities for them to strike and they’ve been busy preparing for the increase in online shopping that occurs this time of year with a 200% increase in fraudulent retail sites.




Here’s a Gift Basket Full of Tips to Avoid Trouble


Cybersecurity professionals agree that holiday time is a dangerous time in cybersecurity, especially when it comes to ransomware. In a global study of more than 1,200 security professionals at organizations that have previously suffered a successful ransomware attack on a holiday or weekend, researchers found that ninety percent are concerned about new ransomware attacks on subsequent holiday weekends, and for good reason. More than 80% of those IT professionals report that they’ve had to miss holiday time with loved ones because of a cybersecurity incident at work. These tips from CISA and the FBI may help businesses avoid trouble from ransomware this holiday season:

  • Identify IT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack.  
  • Implement multi-factor authentication for remote access and administrative accounts. 
  • Mandate strong passwords and ensure they are not reused across multiple accounts.  
  • If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored.  
  • Remind employees not to click on suspicious links, and conduct exercises to raise awareness.  

Additionally, CISA and the FBI recommend maintaining vigilance against the multiple techniques cybercriminals use to gain access to networks, including: 

  • Phishing scams, such as unsolicited emails posing as charitable organizations. 
  • Fraudulent sites spoofing reputable businesses—it is possible malicious actors will target sites often visited by users doing their holiday shopping online. 
  • Unencrypted financial transactions.



Add Strong Protection from Phishing That Never Takes a Holiday 


Give yourself the gift of peace of mind with AI-powered protection against phishing this holiday season so you can feel confident that you can really relax and enjoy yourself. Stop phishing with Graphus – the most simple, automated & affordable phishing defense available. 

TrustGraph is the star of the show when it comes to keeping potentially dangerous email away from staffers. 

  • Your first layer of defense against phishing, TrustGraph uses more than 50 separate data points to analyze incoming messages completely before allowing them to pass into employee inboxes.  
  • TrustGraph also learns from each analysis it completes, adding that information to its knowledge base to continually refine your protection and keep learning without human intervention.  

Graphus makes it easy for your employees to report suspicious messages and get help in case of trouble.  

  • EmployeeShield adds a bright, noticeable box to messages that could be dangerous, empowering staffers to report that message with one click for administrator inspection.  
  • Phish911 makes it a snap for employees to report any suspicious message that they receive. When an employee reports a problem, the email in question isn’t just removed from that employee’s inbox — it is removed from everyone’s inbox and automatically quarantined for administrator review. 

