Dealing with ransomware attacks are challenging enough in normal operating environments, but handling an attack during the coronavirus (COVID-19) pandemic adds additional difficulties. While the basics of protecting your organisation shouldn’t change during this pandemic; there are some additional complications that need to be considered.
Criminal groups are increasingly switching to COVID-19-themed lures for phishing attacks aimed at exploiting your consumers’ and employees’ concerns over the coronavirus and the safety of their friends and family.
There’s also evidence that remote working significantly increases the risk of a successful ransomware attack. This increase is caused by a combination of weaker controls on home IT networks and a higher likelihood of users clicking on COVID-19-themed ransomware lure emails given our levels of anxiety.
Some current ransomware lures include:
We’ve also seen a move towards more creative ways of extorting ransoms. These include ‘double extortion,’ where ransomware encrypts your data and forces you to pay a ransom to get it back and then sends your data to the threat actor, who threatens to release your sensitive data unless further ransom is paid.
During the coronavirus pandemic, your organisation faces three simultaneous challenges.
But there are steps that organisations can take to protect their networks and their staff from attacks.
The security function, compliance team, and internal audit team may be described as the first, second and third lines of defence. But when we consider phishing and ransomware attacks – users will always be on the front line so education and making them aware of the threats is important.
Businesses can help staff spot COVID-19 email attachments and website links that could contain ransomware by showing typical attack examples and providing tips on recognising lures.
Think through how your organisation would deal with a ransomware incident during COVID-19 before it happens.
Cyber security matters more than ever during coronavirus, and the risk of ransomware has increased as a result of the shift to remote working.
Be clear on priority actions that need attention for the first 72 hours if a ransomware incident occurs. Where will your organisation get the support it needs? Does lockdown constrain the ability to respond? And does the new working model change the priorities for business restoration?
If you have any questions regarding the content of this article and would like speak to someone from our team please contact us.