Circling the Security Wagons - Why Organizations Must Meet the Surge in COVID-19 Ransomware Attacks


As the world reacted to COVID-19 by focusing on health and wellbeing, cybercriminals cynically exploited the crisis as a way to trap more ransomware victims. As a result, not only do organizations have to contend with a new wave of attacks, but they must execute prevention, mitigation and recovery strategies during lockdown when IT teams are often still working remotely, sometimes without complete access to their usual infrastructure.

The risks associated with the pandemic are very real for organizations across the economy, transcending physical borders to become global issues. According to a joint statement released by the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC), cybercriminals have been attacking healthcare policy makers and researchers involved in the coronavirus response. The statement advised international healthcare and medical research organizations to update passwords and implement two-factor authentication in an effort to reduce attacks via “password spraying,” a tactic in which attackers try commonly known passwords against a large number of accounts. This followed an earlier alert from CISA and NCSC warning the same agencies that bad actors were exploiting the pandemic for cyber crime through phishing, malware distribution, false domain names and targeting teleworking infrastructure.

Despite the need to focus on the critical health issues associated with the pandemic, security and IT leaders must now renew efforts to protect their business systems. This doesn’t mean adopting radical new strategies, but it does require an approach that ensures getting the basics right. There are five foundational points to cover:

System Protection
The first critical step to establishing ransomware protection is to focus on system updates and anti-malware software. Systems should be completely current with the latest patches provided by manufacturers. Keep in mind that previous ransomware attacks have exploited security vulnerabilities that have been patched for months, but organizations with poor update processes remained at risk. Beyond system updates, it’s good IT practice to run anti-malware software to prevent as many variants as possible. In preparation for an attack, every business should prioritize backups of their infrastructure - this is the number one solution against an attack.

Endpoint Protection
Malware can hit any computer across IT environments. The infamous WannaCry ransomware, for example, was actually an internet worm, not simply a phishing attack, so it was able to spread automatically across networks using a security flaw in Windows. With threats like this, every computer needs to be protected, not just servers or file sharing systems.

The 3-2-1 Backup Strategy
IT administrators know the best strategy for data protection is the 3-2-1 backup strategy, consisting of: 3 copies of data, 2 different formats and 1 offsite location, with an air gap if possible. If all organizational backups are on a single disk that is connected to a main computer, those backups can be encrypted at the same time as source data, rendering them useless. With three copies of data - on the computer, on local storage, and on offsite storage - rapid recovery from ransomware is much more practical.

Ransomware encrypts the user files on a computer, so monitoring backups routinely can help detect if an attack has taken place. A sudden spike in data being backed up may be an indication that ransomware has encrypted files, allowing mitigation and recovery processes to be put into action.
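One way to turn the backup-spike signal described above into a routine check, shown as an added example that is not part of the original article. The CSV layout (date, host, changed_mb), the sample figures and the threshold values are assumptions made for illustration.

```python
import csv
import io
from statistics import median

# Constructed sample: nightly incremental backup sizes per host (not real data).
SAMPLE_LOG = """date,host,changed_mb
2020-05-01,fs01,410
2020-05-01,ws17,35
2020-05-02,fs01,395
2020-05-02,ws17,40
2020-05-03,fs01,430
2020-05-03,ws17,38
2020-05-04,fs01,402
2020-05-04,ws17,36
2020-05-05,fs01,418
2020-05-05,ws17,41
2020-05-06,fs01,9800
2020-05-06,ws17,39
2020-05-07,fs01,420
2020-05-07,ws17,44
"""

def load_jobs(text):
    """Parse backup job records into (date, host, changed_mb) tuples."""
    rows = csv.DictReader(io.StringIO(text.strip()))
    return [(r["date"], r["host"], float(r["changed_mb"])) for r in rows]

def find_spikes(jobs, window=5, k=6.0, min_history=3):
    """Flag jobs whose changed data far exceeds the host's recent baseline.

    Baseline is the median of the trailing window; spread is the median
    absolute deviation (MAD), floored at 10% of the baseline so a very
    steady host does not alert on small day-to-day changes.
    """
    history = {}
    alerts = []
    for date, host, size in sorted(jobs):  # ISO dates sort chronologically
        past = history.setdefault(host, [])
        recent = past[-window:]
        if len(recent) >= min_history:
            base = median(recent)
            mad = median(abs(x - base) for x in recent)
            spread = max(mad, 0.1 * base)
            if size > base + k * spread:
                alerts.append((date, host, size, base))
                continue  # keep the spike out of the baseline
        past.append(size)
    return alerts

if __name__ == "__main__":
    for date, host, size, base in find_spikes(load_jobs(SAMPLE_LOG)):
        print(f"{date} {host}: {size:.0f} MB changed vs. baseline {base:.0f} MB")
```

A flagged job is a prompt to inspect the host before older backup generations are rotated out, since large legitimate changes (migrations, bulk imports) produce the same signal.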

For any organization hit with ransomware, the golden rule is: Do not pay the ransom. The uncomfortable truth is that paying what the criminals demand is no guarantee that data can be restored. There have been many incidents where ransomware software bugs have prevented file decryption, and some ransomware is specifically designed to only encrypt, regardless of whether or not a ransom was paid.

As cybercriminals step up their ransomware attacks, their success relies on organizations that are poorly prepared, targeting systems that are particularly critical to public health and normal commercial activities. Using tried and tested techniques can go a long way to protecting vital systems and services during the pandemic and beyond.

Edited by Maurice Nagle
