Circling the Security Wagons - Why Organizations Must Meet the Surge in COVID-19 Ransomware Attacks


As the world reacted to COVID-19 by focusing on health and wellbeing, cybercriminals cynically exploited the crisis as a way to trap more ransomware victims. As a result, not only do organizations have to contend with a new wave of attacks, but they must execute prevention, mitigation and recovery strategies during lockdown when IT teams are often still working remotely, sometimes without complete access to their usual infrastructure.

The risks associated with the pandemic are very real for organizations across the economy, transcending physical borders to become global issues. According to a joint statement released by the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC), cybercriminals have been attacking healthcare policy makers and researchers involved in the coronavirus response. The statement advised international healthcare and medical research organizations to update passwords and implement two-factor authentication in an effort to reduce attacks via “password spraying,” a tactic in which attackers try commonly known passwords against a large number of accounts. This followed an earlier alert from CISA and NCSC warning the same agencies that bad actors were exploiting the pandemic for cyber crime through phishing, malware distribution, false domain names and attacks on teleworking infrastructure.

Despite the need to focus on the critical health issues associated with the pandemic, security and IT leaders must now renew efforts to protect their business systems. This doesn’t mean adopting radical new strategies, but it does require an approach that ensures getting the basics right. There are five foundational points to cover:

System Protection
The first critical step to establishing ransomware protection is to focus on system updates and anti-malware software. Systems should be completely current with the latest patches provided by manufacturers. Keep in mind that previous ransomware attacks have exploited security vulnerabilities that had been patched for months, yet organizations with poor update processes remained at risk. Beyond system updates, it’s good IT practice to run anti-malware software to block as many variants as possible. In preparation for an attack, every business should prioritize backups of their infrastructure - this is the number one solution against an attack.

Endpoint Protection
Malware can hit any computer across IT environments. The infamous WannaCry ransomware, for example, was actually an internet worm, not simply a phishing attack, so it was able to spread automatically across networks using a security flaw in Windows. With threats like this, every computer needs to be protected, not just servers or file sharing systems.

The 3-2-1 Backup Strategy
IT administrators know the best strategy for data protection is the 3-2-1 backup strategy, consisting of: 3 copies of data, 2 different formats and 1 offsite location, with an air gap if possible. If all organizational backups are on a single disk that is connected to a main computer, those backups can be encrypted at the same time as source data, rendering them useless. With three copies of data - on the computer, on local storage, and on offsite storage - rapid recovery from ransomware is much more practical.

Ransomware encrypts the user files on a computer, so monitoring backups routinely can help detect if an attack has taken place. A sudden spike in data being backed up may be an indication that ransomware has encrypted files, allowing mitigation and recovery processes to be put into action.
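The spike check described above can be automated. The following is an added example, not code from the original article: it compares each night's incremental backup size with the host's own trailing median and flags large outliers. The log format, host names, sizes and thresholds are all constructed assumptions.

```python
from statistics import median

# Constructed sample: date, then MB written by each host's nightly incremental.
SAMPLE_LOG = """\
2020-05-01 fs01=1210 ws17=310
2020-05-02 fs01=1185 ws17=295
2020-05-03 fs01=1302 ws17=330
2020-05-04 fs01=1240 ws17=305
2020-05-05 fs01=1198 ws17=322
2020-05-06 fs01=1275 ws17=298
2020-05-07 fs01=1222 ws17=315
2020-05-08 fs01=1260 ws17=640
2020-05-09 fs01=48500 ws17=318
2020-05-10 fs01=1310 ws17=301
"""

def parse(log):
    """Yield (day, host, megabytes) tuples from the constructed log format."""
    for line in log.strip().splitlines():
        day, *fields = line.split()
        for field in fields:
            host, size = field.split("=")
            yield day, host, int(size)

def find_backup_spikes(rows, window=7, k=6.0, min_ratio=3.0):
    """Flag incrementals far above each host's trailing baseline."""
    history, alerts = {}, []
    for day, host, size in rows:
        base = history.setdefault(host, [])
        if len(base) >= window:
            med = max(median(base), 1)
            mad = median(abs(x - med) for x in base) or 1
            # 1.4826 * MAD approximates one standard deviation.
            if size > med + k * 1.4826 * mad and size > min_ratio * med:
                alerts.append((day, host, size, round(size / med, 1)))
                continue  # keep the anomalous night out of the baseline
        base.append(size)
        del base[:-window]  # retain only the last `window` normal nights
    return alerts

if __name__ == "__main__":
    for day, host, size, ratio in find_backup_spikes(parse(SAMPLE_LOG)):
        print(f"{day} {host}: {size} MB incremental, {ratio}x the 7-night median")
```

The ratio guard keeps an ordinary busy day (ws17 roughly doubling on 2020-05-08) from raising an alert, while the fs01 jump on 2020-05-09 is flagged and excluded from the baseline so it cannot mask later spikes.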

For any organization hit with ransomware, the golden rule is: Do not pay the ransom. The uncomfortable truth is that paying what the criminals demand is no guarantee that data can be restored. There have been many incidents where bugs in the ransomware have prevented file decryption, and some variants are specifically designed only to encrypt, regardless of whether or not a ransom is paid.

As cybercriminals step up their ransomware attacks and target systems that are particularly critical to public health and normal commercial activities, their success relies on organizations that are poorly prepared. Using tried and tested techniques can go a long way to protecting vital systems and services during the pandemic and beyond.

Edited by Maurice Nagle