Don’t Let Your Holiday Season be Held to Ransomware.

I don’t want to sound like the Grinch and put a damper on the holiday season, but for cybercriminals the holiday season truly is “the most wonderful time of year”. Just because you may be taking a break, don’t think for a second that they will be too.

Cyberattacks surge during the holiday season

It’s become an annual occurrence. Every year, pre-Thanksgiving up, through the Christmas period, the volume of cyber attacks increases, most notably ransomware.


Ransomware is a type of malicious software program, otherwise known as malware, that denies the victims access to their files or systems. It holds the victims’ files or devices hostage using strong encryption, or threatens to leak personal data, until the victim pays a ransom. 


Research shows there was a 30% increase in the average number of attempted ransomware attacks during the holiday season in each consecutive year between 2018 and 2020, and a 70% average increase in attempted ransomware attacks in November and December compared to January and February.


Why businesses become more vulnerable

All of this makes perfect sense as cyber-attacks are most effective when users are distracted and less vigilant. Email continues to be the primary delivery mechanism used by cybercriminals to deliver their malware creations, so it’s not hard to see how the average person could fall for a phishing attack over the holidays when they are inundated with “Merry Christmas” emails or a plethora of enticing seasonal discount offers.


Compound that with most employees taking extended time off during this time period, and you have the makings of a perfect storm. Even if an attack is caught relatively soon, many of the people in charge of dealing with it are potentially traveling to see loved ones across the country, frantically trying to find last minute gifts, or at the very least harder to get ahold of than they would be on an average Wednesday.


Plan accordingly to prevent a blue, blue Christmas

The US Government has now begun issuing warnings at the end of the year urging businesses to stay vigilant and protect themselves from ransomware over the holiday period.


“malicious cyber actors aren’t making the same holiday plans as you. Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure. “ CISA and the FBI said


The agencies have outlined several key steps organizations can take to minimize the risk of an attack, these include: 

  1. Identifying key IT security staff who could handle a surge in work after a ransomware attack;
  2. Implementing multi-factor authentication for remote access and administrative accounts;
  3. Enforcing strong passwords and avoiding password reuse;
  4. Ensuring Remote Desk Protocol is secure and monitored;
  5. Reminding employees not to click on suspicious links.


It’s vital to remember that even though it’s a holiday, it doesn’t mean you can let your guard down. Expect to be targeted and plan accordingly.


To prevent cybercrime, become a cyber criminal!

At Decoded we believe that by better understanding the methods, processes and lengths to which cybercriminals apply themselves to their nefarious activities you’ll be better placed to defend against them. Which is why we’ve developed ‘Held to Ransomware’, a 1-hour workshop specifically designed to unwrap and demystify ransomware. 


We put you in the shoes of a cybercriminal to explore ransomware and the murky underbelly of the dark web, a place many have heard about but few dare to venture. The workshop uses interactive demos enabling learners to go ‘under the hood’ and see first hand how readily available ransomware can be purchased on the dark web, deployed with ease, and then released at scale to cause carnage throughout an organization’s technology infrastructure. 


To help prevent a blue, blue Christmas, we’ll be spreading the gift of increased ransomware awareness by running two virtual workshops for free on December 2nd at 9:30am ET and 12:30pm ET.

Register to attend

If you’d like to attend please RSVP to confirming your preferred time slot, and we’ll get you registered.


To find out more about Decoded; how we partner with organizations from the Boardroom to the shop floor transforming their digital capabilities; or how our programs could help you with your digital transformation, please email me at



Get in touch.

Want to find out more? Leave your details and we’ll be in touch.