Circling the Security Wagons - Why Organizations Must Meet the Surge in COVID-19 Ransomware Attacks

By

As the world reacted to COVID-19 by focusing on health and wellbeing, cybercriminals cynically exploited the crisis as a way to trap more ransomware victims. As a result, not only do organizations have to contend with a new wave of attacks, but they must execute prevention, mitigation and recovery strategies during lockdown when IT teams are often still working remotely, sometimes without complete access to their usual infrastructure.

The risks associated with the pandemic are very real for organizations across the economy, transcending physical borders to become global issues. In a joint statement released by the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC), cybercriminals have been attacking healthcare policy makers and researchers involved in the coronavirus response. The statement advised international healthcare and medical research organizations to update passwords and implement two-factor authentication in an effort to reduce attacks via “password spraying,” a tactic used by organizations to use commonly known passwords to access a large number of accounts. This followed an earlier alert from CISA and NCSC warning the same agencies that bad actors were exploiting the pandemic for cyber crime through phishing, malware distribution, false domain names and targeting teleworking infrastructure.

Despite the need to focus on the critical health issues associated with the pandemic, security and IT leaders must now renew efforts to protect their business systems. This doesn’t mean adopting radical new strategies, but it does require an approach that ensures getting the basics right. There are five foundational points to cover:

System Protection
The first critical step to establishing ransomware protection is to focus on system updates and anti-malware software. Systems should be completely current with the latest patches provided by manufacturers. Keep in mind that previous ransomware attacks have exploited security vulnerabilities that have been patched for months, but organizations with poor update processes remained at risk. Beyond system updates, it’s good IT practice to run anti-malware software to prevent as many variants as possible. In preparation for an attack, every business should prioritize backups of their infrastructure - this is the number one solution against an attack.

Endpoint Protection
Malware can hit any computer across IT environments. The infamous WannaCry ransomware malware, for example, was actually an internet worm, not simply a phishing attack, so it was able to spread automatically across networks using a security flaw in Windows. With threats like this, every computer needs to be protected, not just servers or file sharing systems.

The 3-2-1 Backup Strategy
IT administrators know the best strategy for data protection is the 3-2-1 backup strategy, consisting of: 3 copies of data, 2 different formats and 1 offsite location, with an air gap if possible. If all organizational backups are on a single disk that is connected to a main computer, those backups can be encrypted at the same time as source data, rendering them useless. With three copies of data - on the computer, on local storage, and on offsite storage - rapid recovery from ransomware is much more practical.

Detection
Ransomware encrypts the user files on a computer, so monitoring backups routinely can help detect if an attack has taken place. A sudden spike in data being backed up may be an indication that ransomware has encrypted files, allowing mitigation and recovery processes to be put into action.

Recovery
For any organization hit with ransomware, the golden rule is: Do not pay the ransom. The uncomfortable truth is that paying what the criminals demand is no guarantee that data can be restored. There have been many incidents where ransomware software bugs have prevented file decryption, with some specifically designed to only encrypt, regardless of whether or not a ransom was paid.

As cybercriminals step up their ransomware attacks, their success relies on organizations that are poorly prepared, targeting systems that are particularly critical to public health and normal commercial activities. Using tried and tested techniques can go a long way to protecting vital systems and services during the pandemic and beyond.




Edited by Maurice Nagle
Get stories like this delivered straight to your inbox. [Free eNews Subscription]


SHARE THIS ARTICLE
Related Articles

Can Science Outsmart Deepfake Deceivers? Klick Labs Proposes an Emerging Solution

By: Alex Passett    3/25/2024

Researchers at Klick Labs were able to identify audio deepfakes from authentic audio recordings via new vocal biomarker technology (alongside AI model…

Read More

Top 5 Best Ways to Integrate Technology for Successful Project-Based Learning

By: Contributing Writer    3/19/2024

Project-based learning, also popularly known as the PBL curriculum, emphasizes using and integrating technology with classroom teaching. This approach…

Read More

How to Protect Your Website From LDAP Injection Attacks

By: Contributing Writer    3/12/2024

Prevent LDAP injection attacks with regular testing, limiting access privileges, sanitizing user input, and applying the proper encoding functions.

Read More

Azure Cost Optimization: 5 Things You Can Do to Save on Azure

By: Contributing Writer    3/7/2024

Azure cost optimization is the process of managing and reducing the overall cost of using Azure. It involves understanding the resources you're using,…

Read More

Massive Meta Apps and Services Outage Impacts Users Worldwide

By: Alex Passett    3/5/2024

Meta's suite of apps and services are experiencing major global outages on Super Tuesday 2024.

Read More