Circling the Security Wagons - Why Organizations Must Meet the Surge in COVID-19 Ransomware Attacks

By

As the world reacted to COVID-19 by focusing on health and wellbeing, cybercriminals cynically exploited the crisis as a way to trap more ransomware victims. As a result, not only do organizations have to contend with a new wave of attacks, but they must execute prevention, mitigation and recovery strategies during lockdown when IT teams are often still working remotely, sometimes without complete access to their usual infrastructure.

The risks associated with the pandemic are very real for organizations across the economy, transcending physical borders to become global issues. In a joint statement released by the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC), cybercriminals have been attacking healthcare policy makers and researchers involved in the coronavirus response. The statement advised international healthcare and medical research organizations to update passwords and implement two-factor authentication in an effort to reduce attacks via “password spraying,” a tactic used by organizations to use commonly known passwords to access a large number of accounts. This followed an earlier alert from CISA and NCSC warning the same agencies that bad actors were exploiting the pandemic for cyber crime through phishing, malware distribution, false domain names and targeting teleworking infrastructure.

Despite the need to focus on the critical health issues associated with the pandemic, security and IT leaders must now renew efforts to protect their business systems. This doesn’t mean adopting radical new strategies, but it does require an approach that ensures getting the basics right. There are five foundational points to cover:

System Protection
The first critical step to establishing ransomware protection is to focus on system updates and anti-malware software. Systems should be completely current with the latest patches provided by manufacturers. Keep in mind that previous ransomware attacks have exploited security vulnerabilities that have been patched for months, but organizations with poor update processes remained at risk. Beyond system updates, it’s good IT practice to run anti-malware software to prevent as many variants as possible. In preparation for an attack, every business should prioritize backups of their infrastructure - this is the number one solution against an attack.

Endpoint Protection
Malware can hit any computer across IT environments. The infamous WannaCry ransomware malware, for example, was actually an internet worm, not simply a phishing attack, so it was able to spread automatically across networks using a security flaw in Windows. With threats like this, every computer needs to be protected, not just servers or file sharing systems.

The 3-2-1 Backup Strategy
IT administrators know the best strategy for data protection is the 3-2-1 backup strategy, consisting of: 3 copies of data, 2 different formats and 1 offsite location, with an air gap if possible. If all organizational backups are on a single disk that is connected to a main computer, those backups can be encrypted at the same time as source data, rendering them useless. With three copies of data - on the computer, on local storage, and on offsite storage - rapid recovery from ransomware is much more practical.

Detection
Ransomware encrypts the user files on a computer, so monitoring backups routinely can help detect if an attack has taken place. A sudden spike in data being backed up may be an indication that ransomware has encrypted files, allowing mitigation and recovery processes to be put into action.

Recovery
For any organization hit with ransomware, the golden rule is: Do not pay the ransom. The uncomfortable truth is that paying what the criminals demand is no guarantee that data can be restored. There have been many incidents where ransomware software bugs have prevented file decryption, with some specifically designed to only encrypt, regardless of whether or not a ransom was paid.

As cybercriminals step up their ransomware attacks, their success relies on organizations that are poorly prepared, targeting systems that are particularly critical to public health and normal commercial activities. Using tried and tested techniques can go a long way to protecting vital systems and services during the pandemic and beyond.




Edited by Maurice Nagle


SHARE THIS ARTICLE
Related Articles

Top Mistakes Creating High-Quality Website Design

By: Special Guest    10/22/2020

If you want to make a great first impression with your target audience, then creating a high-quality website design is critical. However, there are so…

Read More

Starting Custom Online T-Shirt Store: Tips To Stand Out

By: Special Guest    10/22/2020

Having a shirt that lets people know who you are is something that has been popular with both companies and individuals for years. Corporations can ge…

Read More

How technology helps personal injury victims

By: Special Guest    10/22/2020

Sometimes serious injuries result from accidents. Think of a spinal cord injury, brain injury or whiplash Injury that causes complaints and limitation…

Read More

6 Gadgets That Have Improved Our Health in the 21st Century

By: Special Guest    10/21/2020

One of the most prominent themes of the 21st century so far has been that technology has been with us every step of the way, improving our quality of …

Read More

Innovative Uses for Smart Building Software

By: Special Guest    10/20/2020

Smart buildings are becoming the new norm for a whole host of reasons. Improved energy efficiency, better control of assets and services, better manag…

Read More