Prior to the Labor Day holiday, the Cybersecurity & Infrastructure Security Agency released information regarding a recent trend of ransomware attacks taking place over holiday weekends, when the attackers believe that IT and Security teams may be on vacation or not paying as close attention to their networks.

• In May 2021, leading into Mother’s Day weekend, malicious cyber actors deployed DarkSide ransomware against the IT network of a U.S.-based critical infrastructure entity in the Energy Sector, resulting in a week-long suspension of operations. After DarkSide actors gained access to the victim’s network, they deployed ransomware to encrypt victim data and—as a secondary form of extortion—exfiltrated the data before threatening to publish it to further pressure victims into paying the ransom demand.
• In May 2021, over the Memorial Day weekend, a critical infrastructure entity in the Food and Agricultural Sector suffered a Sodinokibi/REvil ransomware attack affecting U.S. and Australian meat production facilities, resulting in a complete production stoppage.
• In July 2021, during the Fourth of July holiday weekend, Sodinokibi/REvil ransomware actors attacked a U.S.-based critical infrastructure entity in the IT Sector and implementations of their remote monitoring and management tool, affecting hundreds of organizations—including multiple managed service providers and their customers.

With many upcoming holidays in the coming months, we wanted you to be aware and take precautions.

Full information on the news bulletin can be found here – https://us-cert.cisa.gov/ncas/alerts/aa21-243a