In 2019, various ransomware attackers targeted state and local governments. What can be said about ransomware in 2020?
In 2020, the world is already suffering from a coronavirus pandemic. Dealing with a ransomware attack during this crisis could be a nightmare scenario. While the basic security measures for protecting your business have not changed, there are some additional challenges to consider.
Ransomware became headline news this week when a major ransomware attack against Tesla failed. The Associated Press stated: “Tesla CEO Elon Musk solved a mystery involving a 27 year old Russian, an insider at an unnamed corporation and an alleged million dollar payment offered to help trigger a ransomware extortion attack on the firm.”
Ransomware is stable
With the rise of Covid-19, more attack groups are switching to coronavirus-themed phishing lures aimed at your customers and employees.
With the increase in remote working, the risk of a successful ransomware attack also rises significantly. The main reasons are a combination of weaker, less secure home routers and a higher likelihood of users clicking on Covid-19 related ransomware lure emails.
Some common ransomware lure emails include:
- Updates about vaccines, masks and hand sanitizer.
- Financial scams offering payment of government help during the economic shutdown.
- Free downloads of video and audio conferencing solutions, which are in high demand.
- Critical updates to Social Media applications.
We have also seen more advanced ways of pressuring targeted businesses. These include ‘double extortion’, where the ransomware first encrypts your data and forces you to pay a ransom to get it back, and second sends your data to the threat actor, who threatens to release your sensitive data unless a further ransom is paid.
To protect our organizations during this pandemic, we need to adopt the following practices:
- Ransomware can overwrite online backups. Take full system backups of your servers, databases and filestores regularly and verify the validity of those backups.
- Keep an additional archive copy of key servers and data sets, stored off-line or in a form that can’t be accessed by a criminal who has gained domain administrator rights.
- Be more careful in the configuration of email phishing controls. Flag emails that come from outside the organization and make it easy for employees to report suspicious emails. In addition, use a Covid-19 community blocklist.
- Encourage a strict separation between personal and corporate devices; employees can use their own devices for personal email and browsing activity.
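One way to implement the "flag emails that come from outside the organization" control from the list above, as an added example that is not from the original article. The domain `example.com`, the `[EXTERNAL]` tag, the two `X-` header names and both sample messages are assumptions constructed for this sketch.

```python
from email import message_from_string, policy
from email.utils import parseaddr

ORG_DOMAINS = {"example.com"}      # assumption: the organization's mail domains
TAG = "[EXTERNAL]"                 # assumption: banner text for this sketch
MARKERS = ("X-External-Sender", "X-Display-Name-Mismatch")  # hypothetical headers

def sender(msg):
    """Return (display name, domain) of the From header, lower-cased."""
    name, addr = parseaddr(str(msg.get("From", "")))
    return name.lower(), addr.rpartition("@")[2].lower()

def flag_external(raw):
    """Tag a message whose From domain is outside ORG_DOMAINS."""
    msg = message_from_string(raw, policy=policy.default)
    for h in MARKERS:              # never trust marker headers set by the sender
        del msg[h]
    name, domain = sender(msg)
    if domain in ORG_DOMAINS:
        return msg
    subject = str(msg.get("Subject", ""))
    if not subject.startswith(TAG):    # avoid stacking tags on re-processing
        del msg["Subject"]
        msg["Subject"] = f"{TAG} {subject}"
    msg["X-External-Sender"] = "true"
    if any(d in name for d in ORG_DOMAINS):   # display name imitates an internal sender
        msg["X-Display-Name-Mismatch"] = "true"
    return msg

# Constructed sample messages (not real mail).
SPOOFED = (
    'From: "Example.com IT Helpdesk" <updates@covid-relief.test>\n'
    "To: staff@example.com\n"
    "X-External-Sender: false\n"
    "Subject: Critical update: vaccine schedule\n"
    "\n"
    "Download the attached form.\n"
)
INTERNAL = "From: Alice <alice@example.com>\nSubject: Team meeting\n\nAt 10.\n"

if __name__ == "__main__":
    for raw in (SPOOFED, INTERNAL):
        out = flag_external(raw)
        print(out["Subject"], "|", out["X-External-Sender"])
```

This looks only at the header From address, so a message that claims an internal From domain still has to be validated by the mail gateway's sender authentication before it reaches this step.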