Dealing with a ransomware attack during the COVID-19 pandemic could be a nightmare scenario. While the basics of protecting your organization won’t change during this pandemic; there are some additional challenges that should be considered.
Criminal groups are increasingly switching to COVID-19 themed lures for phishing exploiting your consumers’ and employees’ concerns over the pandemic and the safety of there loved ones.
There’s also evidence that remote working increases the risk of a successful ransomware attack significantly. This increase is due to a combination of weaker controls on home IT and a higher likelihood of users clicking on COVID-19 themed ransomware lure emails given levels of anxiety.
Some current ransomware lures include:
We’ve also seen a move towards more creative ways of extorting ransoms. These include ‘double extortion,’ where ransomware encrypts your data and forces you to pay a ransom to get it back and then sends your data to the threat actor, who threatens to release your sensitive data unless further ransom is paid.
During this pandemic, your organization faces three simultaneous challenges:
The security function, compliance team, and internal audit team may be described as the first, second and third lines of defense. Still, users will always be on the front line — education and awareness matters.
Help staff spot COVID-19 email attachments and website links that could contain ransomware, by showing typical attack examples and providing tips on recognizing lures.
Some practical steps to consider when defending your system against ransomware during these unusual times:
Think through how your organization would deal with a ransomware incident during COVID-19 before it happens.
Cybersecurity matters more than ever during COVID-19, and the risk of ransomware has increased as a result of the shift to remote working.
Be clear on priority actions that need attention for the first 72 hours if a ransomware incident occurs. Where will your organization get the support it needs? Does lockdown constrain the ability to respond? And does the new working model change the priorities for business restoration?
If you have any questions or would like additional advice, please contact us.