Organisations At Risk: Ransomware Attackers Don’t Take Holidays


Cybereason, the XDR company, published results from a global study of organisations that had suffered a ransomware attack on a holiday or weekend.

The study highlights an ongoing disconnect between the increased risk organisations face from ransomware attacks that occur on holidays and weekends and their readiness to handle them, as year-over-year, ransomware attacks during these times take longer to assess and resolve.

The higher assessment and remediation times stem from the fact that 44 per cent of companies reduce security staffing on holidays and weekends by as much as 70 per cent from weekday levels. Shockingly, 20 per cent of companies cut security staffing by 90 per cent from weekday levels. Conversely, only 7 per cent of companies are at least 80 per cent staffed on holidays and weekends.

Titled Organisations at Risk: Ransomware Attackers Don’t Take Holidays, the study of 1,203 cybersecurity professionals across eight countries, including the United Arab Emirates (UAE), found that holiday and weekend ransomware attacks result in greater revenue losses than ransomware attacks on weekdays. One-third of respondents said their organisation lost more money from a holiday/weekend ransomware attack, up from 13 per cent of respondents in the 2021 study. Respondents reporting higher revenue losses jumped to 43 per cent and 48 per cent in the education and transportation industries.

“Ransomware actors tend to strike on holidays and weekends because they know companies’ human defences often aren’t as robust at those times. It allows them to evade detection, do more damage, and steal more data as security teams scramble to mobilise a response. Cybereason found that risk assessment is slower, it takes companies longer to assemble the team to fight the initial attack, which leads to slower remediation and recovery times,” said Lior Div, Cybereason CEO and Co-founder.

When it comes to holiday and weekend ransomware attacks, financial losses aren’t the only thing businesses are concerned with. In fact, ransomware attacks disrupt the lives of the security professionals defending businesses, with 88 per cent of respondents missing a holiday or weekend celebration due to a ransomware attack. These numbers were higher in the financial services industry, where more than 90 per cent of respondents said they had missed out on time with family.

“Disrupting cybersecurity professionals’ well-earned downtime and interfering with their personal lives takes a toll on their wellbeing, leads to burnout and causes some people to leave the field altogether. The overall success cyber criminals have attacking on holidays and weekends leads to them more aggressively targeting companies during these times as a way to further fuel their criminal empires,” added Div.

Ransomware is preventable and many companies offer endpoint detection & response technologies that will stop the scourge. Implementing a security awareness program for employees and ensuring operating systems and other software are regularly updated and patched are steps in the right direction. In addition, organisations should ensure clear isolation practices are in place to stop any further ingress on the network or the spreading of the ransomware to other devices. They should also evaluate the locking-down of critical accounts when possible. The path attackers often take in propagating ransomware across a network is to escalate privileges to the admin domain-level and then deploy the ransomware.