The business world has been hit very hard during 2020 due to the COVID19 pandemic, resulting in massive complications as most try to simple stay alive as a competitive entity. Complicating this even further has been the increase in ransomware attacks as cybercriminals sough to use the pandemic as leverage in their bid to steal money from anywhere possible.
Ransomware is not a new phenomenon and was first witnessed inflicting damage during the early 2000s in order to steal money from individuals and companies. It became more widespread during the 2010s and it s now the biggest cyber threat for businesses.
According to data from Kroll, during the third quarter of 2020, ransomware attacks grew by 40% with around 200 million attacks taking place during that time. Additionally a recent H1 2020 Cyber Insurance Claims Report released by Coalition states that 87% of all cyber-related insurance claims are filed due to ransomware attacks.
Another trend is that the hackers are seeking larger amounts of money in order to release the data that they are encrypting according to a report from Coveware, a firm that assists companies recovering from ransomware attacks. It says that ransom demands grew by 200% during Q4, 2019 and repeating this growth during 2020.
Ransomware gangs have created a previously unseen tactic of stealing data prior to encrypting files in order to use double extortion tactics. So even if a company pays to recover data, victims still have to hand over money to stop the public sharing of their stolen data. The healthcare industry was hit particularly hard by during the last 12 months as Healthcare systems and hospitals had to deal with fighting the pandemic at the same time as a huge increase in attacks on hospitals was registered.
The pandemic has given ransomware gangs new chance to carrying out campaign to target remote workers with new database vulnerabilities identified to exploit. COVID-19 has also been targeted using lures that share ransomware, first saying that they have new advice on the new virus, then possible cures, and latterly vaccine linked lures.
The huge rise in attacks at the back end of 2020 indicates that they will continue to rise during 2021, and there is nothing to suggest otherwise. These types of attack are likely to persist as long as they continue to be profitable so companies must take care to do everything possible to prevent all attacks.
Some of the most crucial measure to implement include:
- Configure a proven spam filter with the strongest protection against malware and ransomware. Make sure it uses signature-based detection to block known ransomware variants and sandboxing to identify new ransomware strains.
- See to it patches are applied at once and software is updated quickly to the most recent version.
- Show your employees how to spot ransomware and malware emails and conduct general security training.
- Configure a web filtering solution to prevent access to risky and malicious websites to stop installations of ransomware.
- Insist on the creation of strong passwords to obstruct brute force attacks.
- Turn on multi-factor authentication wherever it is available.
If you can spot unauthorized accessing of your databases as it occurs , you may be able to prevent an attack before ransomware is installed. Most hackers spend time moving laterally to identify as many devices as possible before deploying an attack and they will try to find and steal data, which allows you a window to detect and block the attack. You should configure a monitoring system in place that launches alerts when suspicious activity is spotted and, ideally, one that can automatically remediate attacks when they are discovered. Many attacks take place at the weekend and public holidays when monitoring by IT teams is likely to be at a lower level so think about the mechanisms you have in place when staffing levels are minimal.
You may not be able to prevent an attack, but you can ready your team(s) and restrict the damage inflicted. First and foremost, create a backup of your data. Store the backup is stored in a location that cannot be accessed from the network where the data is held, store a copy of a backup on a non-networked device, and ensure backups are carried out regularly and are checked to make sure data can be rescued.
You should also set up a disaster recovery plan that can go live as soon as an attack takes place to ensure your company can go on working until the attack is addressed.