Why Do Ransomware Attacks Skyrocket During the Winter Holiday Season?

December 08, 2022

The holidays are an especially dangerous time in cybersecurity. Some of the biggest cyberattacks in history happened on holiday weekends. Cybercriminals know that everyone’s busy and distracted around holidays, and they are more than happy to take advantage of the opportunities offered to them. The winter holidays are prime time for cyberattacks. The distraction and disruption that celebrations, schedule changes and end-of-year pressures bring to the office create the ideal environment for launching cyberattacks, especially through phishing, including dangerous ransomware attacks.


3 attack types dominate the threat landscape 

Cybercriminals want to give every company an unwelcome gift like ransomware. In 2021, researchers observed a 70% average increase in attempted ransomware attacks in November and December compared to January and February. A new holiday ransomware study from Cybereason, “Organizations at Risk 2022: Ransomware Attackers Don’t Take Holidays”, dives into some of the ways that ransomware impacts companies and employees throughout the winter holidays, with data for several major industries and geographic regions. The report also goes into the steps that companies can take to steer clear of holiday risk.

The top threat that companies’ SOCs handled through the holiday season varied by region, but three major cyberattacks stood out as the most problematic incidents for SOCs. Ransomware leads the pack for U.S. companies, with more than half (66%) of IT pros in the U.S. indicating that it is the threat their SOC handles the most. For organizations in the UK, their SOC is most likely to be looking at a supply chain attack (45%). Overall, an average of 49% of respondents indicated ransomware, 46% of respondents pointed to a supply chain attack and 31% said a targeted attack was the incident that their SOC was most likely to have to deal with during a weekend or holiday.

The Top 3 Threats SOCs See on Holiday Weekends by Country

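| Threat | US | UK | Germany | France | UAE | Singapore | Italy | South Africa |
|---|---|---|---|---|---|---|---|---|
| Ransomware | 66% | 45% | 40% | 41% | 50% | 45% | 37% | 44% |
| Supply chain attack | 47% | 54% | 30% | 33% | 48% | 38% | 51% | 45% |
| Targeted attack | 34% | 29% | 25% | 31% | 27% | 29% | 33% | 35% |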

Source: Cybereason 



Low staffing levels create more attack opportunities 

The IT skills shortage is already leaving companies short-handed, especially in security, and that problem gets worse around the winter holidays, giving cybercriminals a better chance of landing an attack. Bad actors are well aware of the fact that businesses run on skeleton staffs during holiday periods and on weekends, and they’re using that information to their advantage to plan their operations. The majority of survey respondents said that they run at less than half staff (44%) during holidays and weekends. Many companies drop to less than 10% staffing during those periods, including companies in four major verticals: Finance (36%), Healthcare (26%), Manufacturing (17%) and IT and Telecom (15%).  

What is your average staffing level on holidays and weekends? 

80 – 100% staffed  7%  
50 – 70% staffed  26%  
33 – 50% staffed  23%  
Less than 33% staffed  44%  

Source: Cybereason 


Education, Finance & Retail Experience Major Challenges Around the Holidays 

Some industries are particularly hard-hit by holiday attacks. The seven sectors that researchers chose to concentrate on in this report are Education, Finance, Healthcare, Travel & Transport, Manufacturing & Utilities, IT & Telecom and Retail, Catering & Leisure. The results of the survey show that every sector faces challenges with a holiday incident response. Education stood out as the sector in which it would take the longest for an organization to assess the scope of a cyberattack over a holiday, with more than half of respondents indicating that their assessments might be slow. IT professionals in the Education sector also said that their organizations would lose more money in a holiday attack. Retail had the second-longest assessment time and Travel had the second-longest response time.    

| Outcome | Education | Finance | Healthcare | IT & Telecom | Manufacturing & Utilities | Retail, Catering & Leisure | Travel & Transport |
|---|---|---|---|---|---|---|---|
| It took us longer to assess the scope of the attack | 54% | 39% | 30% | 35% | 38% | 41% | 33% |
| It took us longer to respond to/stop the attack | 42% | 40% | 31% | 31% | 37% | 40% | 43% |
| The business lost more money | 42% | 24% | 34% | 24% | 32% | 31% | 38% |

Source: Cybereason 


Holiday and weekend attacks hit harder 

The impact of a ransomware attack on a holiday weekend varies by industry, but none of the outcomes is pleasant. Across the board, an attack coming during a weekend or holiday is just worse than the same attack at another time. The most common factor that companies have to deal with when responding to a cyberattack on a holiday or weekend is that it takes longer to get a full picture of the attack. Over one-third of respondents (37%) said that it takes them longer to assess the scope of an attack on a holiday. Building on that, more than a third of respondents also said it takes them longer to stop an attack and assemble their response team on weekends and holidays. This cascade of challenges leads directly to businesses experiencing a longer recovery timeline and ultimately losing more money in the event of an attack on a holiday or weekend than they normally would.   

Outcomes of a cyberattack on a weekend or holiday 

| Negative consequence | % of respondents who experienced it |
|---|---|
| It took us longer to stop the attack | 37% |
| It took us longer to assess the scope of the attack | 37% |
| It took us longer to recover from the attack | 36% |
| It took us longer to assemble our team | 34% |
| The business lost more money | 31% |

Source: Cybereason 


Investing in detection and automation technologies reduces risk 

Organizations are taking a variety of proactive steps to mitigate their holiday and weekend risk. Many organizations are discovering the power and efficiency of AI and automation in security to help them close gaps and find problems faster, and they’re putting that learning to work to reduce their holiday cyberattack risk. Just under a third of respondents (29%) said that they’re investing in automation to improve their attack detection and response capabilities, reducing the burden on their staff. Implementing new threat detection capabilities is also a top priority for businesses. In today’s challenging security staffing market, many companies are turning to a managed security operations center (SOC) or endpoint detection and response (EDR) to quickly and affordably bolster their threat detection capabilities.

Top 5 Moves Companies Are Making to Reduce Risk

Implementing new ransomware detection capabilities  38%  
Augmenting staff to respond faster  31%  
Adding automation to speed detection & response  29%  
Setting up crypto wallets to pay ransoms  27%  
Learning to negotiate with ransomware groups  27%  

Source: Cybereason 

Gain peace of mind and enjoy your holiday with Graphus on the job

Cybercrime never takes a holiday and neither does Graphus. The world’s first AI-driven email security solution, Graphus delivers the protection from email-based threats that your organization needs to survive today’s never-ending barrage of cyberattacks. You don’t have to worry about catching, adjudicating and quarantining phishing messages while you’re short-staffed. Graphus automatically monitors communication patterns between people, devices and networks to reveal untrustworthy emails and stop them from reaching employees at half the cost of the competition.  

What can Graphus do for you?

  • Block sophisticated phishing messages from reaching employees.
  • Put 3 layers of protection between employees and dangerous email messages.  
  • Save tech time and money by requiring minimal supervision with no need for threat intelligence uploads or fussy configurations.
  • Get to work in minutes, seamlessly deploying to Microsoft 365 and Google Workspace via API without big downloads or lengthy installs.  
  • Provide intuitive administration and precise reporting to help you gain insights into the effectiveness of your security, level of risks, attack types and more.  

Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.