The COVID-19 pandemic has caused a significant increase in the number of ransomware incidents over the course of 2020. In the four-month period from January to April, one of Interpol's private sector partners reported 907,000 spam messages, 737 malware incidents, and the development/distribution of 48,000 malicious URLs — all of which were related to the coronavirus outbreak in some way. Moreover, in the first two weeks of April there was a significant spike in ransomware attacks from multiple threat groups that had previously lain dormant over the winter.
There are two trends which suggest that COVID-19 is at least partially responsible for the recent surge in occurrences:
- The prevalence of remote work, even in industries that previously were not aligned with the "work from home" ethos, has made it easier than ever for cybercriminals to launch a successful ransomware attack on unsuspecting victims.
- The widespread anxiety that COVID-19 has triggered has also made it easier for attackers to exploit individuals working at companies.
What do these trends mean for your company?
How can cybersecurity insurance and proactive testing help?
And just what is “ransomware?”
Ransomware
Ransomware is "a type of malware program that infects, locks, or takes control of a system and demands ransom to undo it. Ransomware attacks and infects a computer with the intention of extorting money from its owner." Ransomware is sometimes called "crypto-virus," "crypto-Trojan," or "crypto-worm" software.
A cybercriminal typically infects a victim's computer with ransomware through a malicious email attachment, a download, or a corrupted website/URL link. Once the system has been infected, the user no longer has access to important files. The attacking program encrypts key features of the computer system and may send pop-up windows asking the user to pay a ransom to reclaim the computer.
In many cases, ransomware applications may masquerade as legitimate programs from government agencies and claim that a user's system is locked down for security reasons. The ransomware then pushes a message saying a fee is required for system reactivation.
Two COVID-19 related trends have been driving the sudden increase in ransomware attacks.
1. Remote Work
Starting in March 2020, many organizations began transitioning their workers to remote work positions. As part of the transition process, they had to make key corporate resources available to employees, sometimes in a hurry. As a result, security standards have often fallen to the wayside.
For example, remote workers may be accessing sensitive organizational systems via Wi-Fi connection — which may or may not be secure. Moreover, Microsoft's proprietary RDP protocol is now being utilized remotely by a great number of personal computers and servers, which has led to a spike in Bruteforce Generic RDP attacks around the world. Such attacks are attempts to discover log-in credentials (username and password) by systematically trying all possible options until the right option is found.
Experts suggest that remote workers at the very least use robust passwords to access sensitive data and implement two-factor authentication if at all possible. Nevertheless, cybercriminals will no doubt continue to target remote workers for the foreseeable future.
2. COVID-Induced Anxiety
Whether employees currently work from home or still go into the office, many individuals are very anxious about COVID-19 and want to do everything within their power to protect themselves and their families. Many cyber attackers have taken advantage of this widespread anxiety to trap unsuspecting victims into clicking a poisoned link.
For instance, one report states that markets on the dark web are advertising COVID-19 phishing kits that use a malicious email attachment disguised as a distribution map of current coronavirus cases. The objective is to trick recipients into opening the attachment, infect their system, and then demand payment for the computer's "release."
Other research indicates that TA505, a cybercriminal group behind the "Locky" ransomware, is also using a coronavirus lure to infect victims' computers. For instance, one of the group's emails claims to hold information on how to protect users and their families from COVID-19 and contains an embedded "COVID-19 FAQ" link. Once the user clicks on the link the ransomware attacks their system.
A Key Way to Protect Yourself
There are some steps that business owners can take to protect themselves and their companies from damaging ransomware attacks. First of all, it is important to provide adequate cybersecurity training for employees.
This should go beyond passive lectures. Proactive testing companies such as KnowBe4 simulate phishing attacks to teach and test your employees in real time.
When employees can identify suspicious emails, links, or websites, then there is less of a chance they will fall for a ransomware attack. They should also be aware of connecting via secure networks, and implementing strong password protection techniques. Moreover, managers can also ensure that their team members are equipped with the most up-to-date firewalls and security protocols.
All of the above steps are important. However, it only takes one mistake for a company's assets to fall into the clutches of cybercriminals.
A key way to cover yourself in such a situation is to invest in cybersecurity insurance. If you do so, you'll be able to quickly recover from any malicious ransomware attack and move forward with minimal losses. Cybersecurity insurance is the number #1 way you can protect yourself and your business from cybercriminals.
To get help finding a free quote on cybersecurity insurance, all you need to do is reach out to us.