What the coronavirus can teach us about ransomware

COVID-19 has changed the world. That’s not hyperbole. It’s objectively true.

It has redefined our relationship with our jobs, forcing businesses around the world to support a distributed, remote workforce. It has changed how we view productivity and spits in the face of the traditional nine-to-five job. The virus has completely disrupted the traditional approach to cybersecurity, destroying the security perimeter and showing just how dangerous the threat of ransomware has become.

Whatever else you might say about the coronavirus pandemic, it can teach us a great deal about ransomware, from the most common tactics used by criminals to how to protect yourself against them.

Hackers Are Excellent at Playing on Anxiety

In April 2020, security firm Trend Micro reported that COVID-19 was being used in a wide range of malicious campaigns, including email spam and ransomware. For anyone familiar with the tactics typically employed by bad actors, this comes as no surprise. Cybercriminals are experts when it comes to social engineering, using our fear, carelessness, and anxiety against us to great effect.

The good news is that with a little knowledge, these tactics are easily countered. Coach your employees on reputable sources of information about the coronavirus pandemic, and maintain well-established and readily available policies on organisational communication. These should include, among other things:

  • Using a secure file sharing solution and advising employees against opening any files sent without using that solution.
  • Verifying any information requests, no matter who they seemingly originate from.
  • Recognising the Fear, Uncertainty, and Doubt (FUD) tactics typically employed by criminals.

The More Critical the Asset, the Likelier It Will Be Targeted

As reported by tech publication Wired, criminals have seized upon the coronavirus pandemic with aplomb, targeting critical data and infrastructure during a period in which even brief downtime can put lives at risk. It’s disgraceful, but again, it’s unsurprising. Greed-driven hackers have known for decades that healthcare organisations and public sector agencies are perfect targets – just look at what WannaCry did to the UK’s National Health Service.

They know that if their target doesn’t have backups immediately at the ready, they’ll have two choices. Either they can pay the ransom to regain access or they can put countless people at risk while attempting to restore functionality. It’s a horrendous choice that no person should have to make.

The Microsoft research cited by Wired found that attackers will typically gain access to a network via an unpatched vulnerability. The message, then, should be clear. Update your software, and do not, under any circumstances, rely on outdated or unpatched infrastructure.

Beyond that, it’s imperative that you lock down your most important assets in such a way that you know, at any given time, where they are and how they’re being used.

Backups are critical. No exceptions.

System monitoring aside, the best defence against ransomware has remained the same since its inception: multiple air-gapped backups, a minimum of three. If there is a system you cannot afford to lose access to or data you cannot afford to be locked out of, back it up in as many ways as you possibly can without compromising its security or integrity.

At least one of these backups should be stored offsite, and access to them should be strictly controlled, restricted to a small group of security personnel. Depending on how critical your data happens to be and how frequently you need to back it up, you may want to automatically run a backup process monthly, weekly, or even daily. Collaborate with your colleagues to determine what works best for your organisation.

The oldest trick in the book

Ransomware has been around almost since the earliest days of the Internet, and it’s not going anywhere anytime soon. Today, cybercriminals are using the coronavirus pandemic in an effort to victimise individuals and corporations. Tomorrow, it will be something else.

Awareness of this is the first step in ensuring their insipid efforts do not bear fruit.

Image by Gerd Altmann
