As we see a rise in ransomware attacks during COVID-19, companies must ensure that they are prepared for attack during these unprecedented times
The most recent ransomware attack saw a medical-research institution working on a cure for COVID-19 attacked which resulted in a $1.14m payment
Times of uncertainty and change have always brought out the best and worst in populations. COVID-19 is proving no different, as we see communities come together and levels of support and appreciation for key workers rise, we are also seeing a worrying rise in attacks by cybercriminals.
The ransomware attack, a devastating tool during the best of times, has become even more effective during COVID-19 and as a result we are seeing a large increase in the number of attacks. Specialist insurer Beazley found that there had been a 25% spike in ransomware attacks during the first quarter of 2020 compared to Q4 in 2019.
There is also a disturbing trend in criminals targeting organisations that are key during the pandemic. Public sector organisations (Redcar and Cleveland Council was attacked with crucial systems offline for weeks) and medical facilities have all been targeted. Most recently a criminal gang targeted the University of California San Francisco, a leading medical-research institution working on a cure for COVID-19, which was forced to pay a $1.14m ransom.
Although the staff tried to stop the spread of the malware by unplugging computers the damage had already been done and against the advice of law-enforcement agencies negotiations were started to allow the institution to get back online and work on the cure. The criminal gang involved has also appeared to have attacked two other universities in the same manner in the past three months.
The criminals are using increasingly sophisticated methods to gain access to systems, with some spending months inside networks identifying the most vulnerable areas and where the most valuable data resides, before making their move. With more attacks and more organisations paying ransoms 2020 is likely to see an increase in the number of companies being targeted. However, according AJ Thompson, CCO at Northdoor plc, companies should not lay down and accept the fact that criminals will be successful.
“The past few months has seen a real increase in the amount and focus of criminal gangs using ransomware. They are taking advantage of the situation of many companies and their employees who are working in new ways, often outside of the corporate network. As we start to see the light at the end of the tunnel will COVID-19, that does not mean that the threat will disappear.
“In all likelihood criminals, flushed with their success during the first half of 2020 will be more active than ever, targeting a multitude of companies and sectors. This is not to say however, that we are helpless in the face of such attacks. The key is proactivity, if companies are proactive in their defences then they are in a much better position to fight off, or even better, detect a threat before it becomes a problem, then so much the better. Sitting passively beneath your defences is no longer an effective method as cyber criminals are constantly evolving the methods of gaining entry.
“Ransomware attacks during COVID-19 have been particularly effective because of the new ways of working that many companies have had to implement. Employees are working outside of the corporate environment, often for the first time, sometimes opening up old laptops and computers that are no longer supported or that have not had patched for months, possibly years.
‘Alongside proactive defences, companies need to effectively communicate and educate employees as to what threats look like and how to work responsibly outside of the corporate network. Employees remain the main vulnerability for most companies and so closing this breach is an effective way of shutting the criminals out.
“Although the threat has increased, there are plenty of methods that companies can implement to block the criminals’ entry, to identify the threat before it takes effect and to ensure that employees are aware of the methods the criminals use to gain access. With these in place companies are in a much stronger and proactive position,” concluded Thompson.