A study by Semperis indicates that ransomware attacks rise during the busy holiday season. Ransomware attacks were recorded across the United States of America (USA), United Kingdom (UK), France, and Germany during holidays or weekends. Some of the factors accounting for the spike during the holiday season include reduced staffing as well as information technology (IT) support availability, increased online activity, and holiday phishing. Unfortunately, malicious software, phishing, and other forms of online intrusions can cost a significant amount of money, data loss, disruption, and reputational damage.
The latest incident of ransomware took place in South Carolina targeting SRP Federal Credit Union on December 23, 2024. Nitrogen, a ransomware group, claimed responsibility for the attack. It affected more than 240,000 people whose data were compromised. Accordingly, the financial company has stated that its online banking systems were not affected. But, the sheer volume of the sensitive information that was exposed 'raised alarm among cybersecurity experts and affected clients.' The attack extracted 650 gigabytes of customer info. In response to the data breach, the SRP sent letters to affected customers stating that suspicious activity was detected in its computer network. The SRPFCU also secured its systems and informed law enforcement after which, it launched a formal investigation with the assistance of a forensic security firm.
Earlier in December, a government agency, the Rhode Island State Benefits System was infiltrated by hackers who planted malicious software and threatened to expose sensitive info unless a ransom is paid. The group, Brain Cipher, claimed responsibility for the incident.
Two weeks ago, the Taylor Regional Hospital in Hawkinsville, Georgia was the target of an attempted ransomware attack. Fortunately, after an investigation, it turned out that there was no 'evidence' to suggest the data was accessed. It was just an attempted data breach. Officials at Taylor Regional said they were able to get things back on track after identifying the problem and responding quickly to the data breach. Chief government relations officer, Anna Adams, said that the hospital has protocols in place in case of an intrusion.
For Wood County in Ohio, the ransomware attack on their fire and emergency services had operators resorting to pen and paper to record calls. The county's records management system was inaccessible due to the online threat. On December 26, 2024, the county negotiated and paid a $1.5 million fee to ensure the 'full and efficient resumption of services.' Wood County commissioners acknowledged it was 'a difficult choice', but they established it was the necessary approach in the interest of Wood County residents and employees. Furthermore, extra steps have been taken to beef up the security system.
Digital attacks like these show that a system can be very vulnerable to unwanted intrusions compromising data and other vital information. Hence, companies and institutions must be vigilant during periods of distraction or when staffing is reduced. Both private and public agencies must take steps to prevent phishing and ransomware attacks. For example, employee training and awareness, technological safeguards, including strong passwords and multifactor authentication, firewalls, intrusion detection systems, and anti-malware and antivirus software can prevent such incidents. In addition, data backup and recovery and third-party risk management are other strategies companies can do.
For those affected by the cyber attacks or data breach fallouts, regularly checking accounts, bank statements, and transaction histories for unauthorized activities help. If irregularities are detected, they must be reported immediately to the competent authorities or providers. Take fraud alerts seriously and update passwords on all accounts including email, financial, or shopping that might be linked to sensitive data. Strong and unique passwords are highly recommended including enabling two-factor authentication (2FA).
Extra vigilance during the holiday season is critical when attackers are likely to strike. In addition, extra precautions to protect systems minimize the risk of becoming victims of ransomware incidents.
