Ransomware attacks jump as crooks target remote working

Ransomware attacks are getting bigger and bolder - at a time when many organisations don't have the resources to fight them off.

Ransomware attacks surged during the first half of this year, as cyber criminals looked to spread their file-encrypting malware while many people are working from home.

Analysis of malicious activity throughout the year published in Skybox Security's 2020 Vulnerability and Threat Trends Report says ransomware has thrived in the first half of the year, with a 72% increase in new samples of the file-encrypting malware.

The rise in ransomware attacks came when a large number of organisations switched to remote working as the world faced the COVID-19 pandemic.

While the switch to home working has allowed many organisations and workers to remain productive, it has also brought additional risk; security vulnerabilities in remote-desktop protocols – combined with the use of weak passwords by staff – have provided cyber attackers with an additional way into networks.

This, along with the fact that some home workers have not been provided with clear cybersecurity training, has increased the attack surface for cyber criminals – at a time when cybersecurity teams are already overwhelmed because of the new reality of remote working.

It's as a result of this, the report suggests, that ransomware has surged, with security departments unable to fully defend networks against attacks.

And because ransomware is so brutally successful at locking down vast swathes of infrastructure and rendering the network almost entirely unusable, in many cases, the victim feels as if the only option is to pay the ransom – which can cost hundreds of thousands of dollars in bitcoin.

In addition, several ransomware campaigns have actively targeted healthcare and pharmaceuticals in an effort to extort ransoms from organisations directly involved in coronavirus-related treatment and research.

"We observed 77 ransomware campaigns during the first few months of the pandemic – including several on mission-critical research labs and healthcare companies," said Sivan Nir, threat intelligence team leader at Skybox Security.

"The focus and the capability of attackers is clear: they have the means to impart serious financial and reputational harm on organizations," she added.

The report also notes how ransomware operations like Sodinokibi have become well-engineered and effective, pushing profits for attackers even higher – and potentially encouraging lower-level cyber-criminal operations to follow the same path in pursuit of money.

In order to protect against ransomware attacks during the coronavirus pandemic and beyond, it's vital that organisations take the correct steps to remediate vulnerabilities that could be exploited by hackers.

This includes having a full view of all corporate assets across the network, analysing how critical assets could potentially be accessed by moving laterally around the network with or without the correct credentials, and ensuring that VPNs, firewalls and other systems are properly configured with the appropriate security patches.

"The need for focused remediation strategies that are informed by full network visibility and clear, data-rich intelligence has never been more pressing," said Nir.
