in

The Prevalence of Ransomware Attacks during the COVID-19 Pandemic

Since the first ransomware attack struck over 30 years ago, ransomware has grown in size and complexity to become a global menace – threatening every entity that has a digital presence today. 

Ransomware is a type of malicious software designed to seize control of a device or network, denying the victim access to their files – all in a bid to retrieve some ransom, before access can be restored. Ransomware gets into a device or network the same way other viruses and malware do; through a malicious file or link. 

More often than not, a phishing attack is used to perform this act, tricking users into divulging sensitive information. In both cases, the attacker leaves instructions as to how they can be contacted for the ransom to be paid. 

In these trying times, impacted mainly by the COVID-19 pandemic, there has been a noticeable surge in the number of ransomware cases globally. 

Never has there been a worse time for such an attack to be launched as the pandemic has provided numerous ways by which these attacks can be perpetrated. In a report published by Skybox Security, it was mentioned that the COVID-19 pandemic has seen a staggering 72% increase in new samples of ransomware programs with research labs and healthcare companies taking the most significant hit.

One of the primary reasons why these attacks are relatively prevalent in this period is the constant desire for information consumption by the general populace. Realizing this, attackers have swung into a full-time operation, employing the use of phishing attacks to get users to install fake/malicious applications, generate backdoors into devices and networks, install botnets, and ultimately, implant ransomware into these digital entities.

The switch to remote work, which many companies had to make to keep their organizations running, is another reason why ransomware attacks are thriving. This mode of work increases the chances of a successful ransomware attack being conducted as many home networks aren’t as secure as the ones in offices. This, in combination with the likelihood of users falling into COVID-19 themed traps, leaves a lot of firms at the mercy of ransomware attacks. 

Healthcare Sector taking the biggest hit

As many would say, “data is the new gold.” This quote might be the reason why attacks on healthcare companies have also been on the rise. Knowing fully well that these companies would be wielding a large amount of data during this period, a large number of attacks have been targeted at them to steal these data. 

A popular type of ransomware that targeted hospitals is Netwalker, malicious software that has been around for over two decades now. This ransomware is known for exploiting loopholes in web applications and weak RDP passwords of hospitals and businesses, infecting all devices and networks connected to the same network as the original infected device. 

CryCryptor, another ransomware, however, targeted at end-users, was etched onto a cloned version of the official COVID-19 tracer application to be released by Health Canada. Thankfully, a team of security experts developed a fix and has since released it to the public.

Preventive Techniques against Ransomware Attacks

The dangers associated with ransomware attacks can be devastating, and as such, individuals and organizations need to have protective measures in place to prevent and recover from a possible attack. Some of these measures are:

  • The need to avoid opening untrusted links or downloading untrusted attachments cannot be overstressed. Since these are the two significant ways by which ransomware attacks are spread, avoiding them like the plague will go a long way in preventing an attack.
  • VPNs, just like other encryption software, encrypt your data and your online traffic. Employing a reliable and trustworthy VPN can also help prevent your data from getting stolen by malicious actors.
  • All security software used by an individual or organization should be updated continuously to keep the network up-to-date with the latest security upgrades and fixes provided by the software vendors.
  • Regularly educate staff and office personnel on best practices to employ while using the Internet or office network. 

In the event of a successful attack, everyone should have a reliable data backup strategy in place. Since the basis of ransomware attacks are on data hostage, a reliable data storage option puts the power back into the hands of the victim. 

 

Author

Augustina Baker – TechWarn.com

HackTheBox Devel – Walkthrough