It should come as no surprise that cybercrime has risen dramatically in the era of Covid-19. Hackers and cybercriminals have always sought out vulnerabilities in IT systems and networks, but the pandemic has opened up a new path for their deceptive tactics, exploiting fear and uncertainty among the public. In particular, ransomware — a type of malware that surreptitiously infects an individual’s computer, encrypts the victim’s data, and demands a ransom to receive the decryption key — has seen a big spike during the pandemic.
Ransomware Attack Vectors
The typical attack vector is a phishing email, in which the user is duped into clicking on a malicious link promising information on Covid-related supplies or information. The cybercriminals then demand a ransom that can range from hundreds or even thousands of dollars, payable in many cases with Bitcoin. Users suffer initially by paying the ransom, but some bad actors then sell the information on the Dark Web for additional gain.
KPMG has highlighted several of the pandemic-related ransomware lures, which include:
- Information on vaccines, medical masks, or in-demand supplies like hand sanitizers.
- Scams that offer financial assistance for people or businesses during economic shutdowns.
- Deals on popular technologies like video conferencing solutions.
- Technical updates for collaboration and social media solutions.
To make matters worse, more and more employees are working from home. They spend more time online and have more opportunities to run into ransomware scams. And importantly, companies find it more difficult to monitor employee online habits and train them to avoid potential attacks. The KPMG report recommends that companies give their employees a practical guide on how to recognize phishing emails or malicious attachments (including images of what common lures look like), and what to do if their device becomes compromised.
Rising Ransomware Cases During Covid-19
Just how pervasive have ransomware attacks become this year? A recent report from Security magazine illustrated how the pandemic has driven a surge in ransomware attacks. Among the key findings:
- The pandemic sparked a 72 percent increase in malware growth, with 77 ransomware campaigns in just the first few months of the pandemic
- There was a 50 percent increase in mobile attacks during the period, blurring the lines between corporate and personal networks attacked
- Predicted new vulnerabilities by the end of 2020 exceeded 20,000, easily breaking previous records
Attacks in Healthcare
The FBI, along with the Cybersecurity and Infrastructure Security Agency and the Department of Health and Human Services recently published a warning about imminent ransomware threats to US hospitals. The cybercriminal group behind these recent attacks was known as UNC1878, a.k.a. “Wizard Spider,” operating out of Eastern Europe. The group used a TrickBot trojan to gain access to an unsuspecting hospital user’s computer and networks, and used the Ryuk ransomware code (responsible for 75 percent of ransomware attacks on healthcare organizations) to extort the victims. In one case, a hospital was forced to operate entirely on paper after the computers were compromised and taken offline.
Hospitals affected by the attacks included St. Lawrence Health System in New York, Sonoma Valley Hospital in California, and Sky Lakes Medical Center in Oregon, according to the report. Ransomware attacks on US hospitals have risen by 71 percent from September to October 2020, according to cyber security company Check Point.
Other Top Ransomware Attacks of 2020
Ransomware attacks continued to grow across the board in several industries. Following are some of the more visible attacks this year:
- Cognizant: The IT services company had its network infected by the Maze ransomware variant, which was expected to cost the company between $50 and $70 million in the second quarter of 2020.
- Magellan Health: The healthcare organization was hit by ransomware that impersonated one of their clients, enabling hackers to gain access to the company’s servers and breaching 1.7 million pieces of customer data.
- Communications & Power Industries (CPI): The electronics manufacturer paid a ransom of $500,000 after a domain administrator clicked on a malicious link that downloaded the ransomware.
- Carnival Cruises: Hackers breached the company’s servers and gained access to personal information of guests, employees, and the crew.
What You Can Do to Mitigate Ransomware Threats
Cyber security teams have their work cut out for them in the era of Covid-19. But they do have an ace up their sleeve — staying educated on the current threats and training to respond in the most effective way. Cyber security professionals have at least two important options when it comes to skills training.
First is the Certified Information Systems Security Professional (CISSP) certification, considered to be the gold standard in the field of information security. Governed by the International Systems Security Certification Consortium (ISC)², this specialty empowers IT professionals to design and manage security controls in business environments.
Second is the Certified Information Systems Auditor (CISA), who is trained to govern and control enterprise IT, particularly in performing an effective and efficient security audit on any IT organization. CISA holders gain expertise in the acquisition, development, testing and implementation of information systems and learn the guidelines, standards and best practices of protecting them.
Either choice is an excellent start to preparing security teams for the challenges ahead.