Circling the Security Wagons - Why Organizations Must Meet the Surge in COVID-19 Ransomware Attacks

By

As the world reacted to COVID-19 by focusing on health and wellbeing, cybercriminals cynically exploited the crisis as a way to trap more ransomware victims. As a result, not only do organizations have to contend with a new wave of attacks, but they must execute prevention, mitigation and recovery strategies during lockdown when IT teams are often still working remotely, sometimes without complete access to their usual infrastructure.

The risks associated with the pandemic are very real for organizations across the economy, transcending physical borders to become global issues. In a joint statement released by the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC), cybercriminals have been attacking healthcare policy makers and researchers involved in the coronavirus response. The statement advised international healthcare and medical research organizations to update passwords and implement two-factor authentication in an effort to reduce attacks via “password spraying,” a tactic used by organizations to use commonly known passwords to access a large number of accounts. This followed an earlier alert from CISA and NCSC warning the same agencies that bad actors were exploiting the pandemic for cyber crime through phishing, malware distribution, false domain names and targeting teleworking infrastructure.

Despite the need to focus on the critical health issues associated with the pandemic, security and IT leaders must now renew efforts to protect their business systems. This doesn’t mean adopting radical new strategies, but it does require an approach that ensures getting the basics right. There are five foundational points to cover:

System Protection
The first critical step to establishing ransomware protection is to focus on system updates and anti-malware software. Systems should be completely current with the latest patches provided by manufacturers. Keep in mind that previous ransomware attacks have exploited security vulnerabilities that have been patched for months, but organizations with poor update processes remained at risk. Beyond system updates, it’s good IT practice to run anti-malware software to prevent as many variants as possible. In preparation for an attack, every business should prioritize backups of their infrastructure - this is the number one solution against an attack.

Endpoint Protection
Malware can hit any computer across IT environments. The infamous WannaCry ransomware malware, for example, was actually an internet worm, not simply a phishing attack, so it was able to spread automatically across networks using a security flaw in Windows. With threats like this, every computer needs to be protected, not just servers or file sharing systems.

The 3-2-1 Backup Strategy
IT administrators know the best strategy for data protection is the 3-2-1 backup strategy, consisting of: 3 copies of data, 2 different formats and 1 offsite location, with an air gap if possible. If all organizational backups are on a single disk that is connected to a main computer, those backups can be encrypted at the same time as source data, rendering them useless. With three copies of data - on the computer, on local storage, and on offsite storage - rapid recovery from ransomware is much more practical.

Detection
Ransomware encrypts the user files on a computer, so monitoring backups routinely can help detect if an attack has taken place. A sudden spike in data being backed up may be an indication that ransomware has encrypted files, allowing mitigation and recovery processes to be put into action.

Recovery
For any organization hit with ransomware, the golden rule is: Do not pay the ransom. The uncomfortable truth is that paying what the criminals demand is no guarantee that data can be restored. There have been many incidents where ransomware software bugs have prevented file decryption, with some specifically designed to only encrypt, regardless of whether or not a ransom was paid.

As cybercriminals step up their ransomware attacks, their success relies on organizations that are poorly prepared, targeting systems that are particularly critical to public health and normal commercial activities. Using tried and tested techniques can go a long way to protecting vital systems and services during the pandemic and beyond.




Edited by Maurice Nagle
Get stories like this delivered straight to your inbox. [Free eNews Subscription]


SHARE THIS ARTICLE
Related Articles

Shabodi Accelerates Adoption of Network-Aware Applications with CAMARA API Enterprise Reference Implementation

By: Special Guest    2/16/2024

Shabodi, an Application Enablement Platform (AEP) provider unleashing advanced network capabilities in LTE, 5G, 6G, and Wi-Fi 6, announced they have l…

Read More

How Much Does Endpoint Protection Cost? Comparing 3 Popular Solutions

By: Contributing Writer    2/2/2024

Endpoint protection, also known as endpoint security, is a cybersecurity approach focused on defending computers, mobile devices, servers, and other e…

Read More

What Is Databricks? Simplifying Your Data Transformation

By: Contributing Writer    2/2/2024

Databricks is an innovative data analytics platform designed to simplify the process of building big data and artificial intelligence (AI) solutions. …

Read More

What Is Blue/Green deployment?

By: Contributing Writer    1/17/2024

Blue/green deployment is a software release management strategy that aims to reduce downtime and risk by running two identical production environments…

Read More

The Threat of Lateral Movement and 5 Ways to Prevent It

By: Contributing Writer    1/17/2024

Lateral movement is a term used in cybersecurity to describe the techniques that cyber attackers use to progressively move through a network in search…

Read More