Ransomware: Surge in attacks as hackers take advantage of organisations under pressure

Cyber criminals are doubling down on ransomware attacks, deploying more sophisticated campaigns at a time when remote working is already creating additional security challenges for businesses.

How cyber criminals are looking to exploit coronavirus for hacking campaigns

The number of ransomware attacks has significantly grown over the past few months as cyber criminals look to cash in on security vulnerabilities opened up by the rise in remote working.

Researchers at cybersecurity company Check Point said the number of daily ransomware attacks across the globe has increased by half over the past three months – and that they've almost doubled in the US.

One of the reasons ransomware attacks are on the rise is because of the swift switch to remote working that has forced many people to work from home for the first time, something that could leave them vulnerable to phishing emails and malware attacks, especially on a home network that likely won't be as secure as an enterprise environment.

SEE: Security Awareness and Training policy (TechRepublic Premium)

Working from home also makes monitoring devices for malicious activity harder for information security teams than it would be if every user was under one roof, providing hackers with a better chance of going about their business unnoticed.

"The increase in ransomware attacks began with the advent of the coronavirus pandemic, as organizations scrambled to enact remote workforces, leaving significant gaps in their IT systems," said Lotem Finkelstein, head of threat intelligence at Check Point.

Investigating and restoring the network following a ransomware attack takes weeks or months and when this is combined with employees working remotely, some organisations simply prefer to give into the ransom demands and pay hundreds of thousands or even millions of dollars in bitcoin in order to restore the network as quickly as possible.

Cyber criminals have also added a new tactic to encourage victims to pay up – threatening to leak confidential information or personal data if a payment isn't received.

However, while some businesses might view paying ransoms as the best way to restore the network without causing additional damage, paying cyber criminals only encourages them to continue with ransomware attacks.

Check Point identified the Ryuk ransomware as one of the most prolific families of ransomware over the past few months, with the number of Ryuk attacks rising to around 20 a week. That might not sound like a lot, but each Ryuk attack is meticulously planned to inflict the most damage and disruption.

Ransomware preys on organisations that can't afford to have their networks taken down by an attack – which is likely the reason why researchers point to a two-fold increase in the number of ransomware attacks against healthcare organisations over the past few months.

Hospitals and research facilities are already under pressure because of the coronavirus pandemic, meaning that systems remaining operational is vital – and that in some instances, healthcare institutions affected by a ransomware attack will just pay the ransom, viewing it as the least worst option for keeping patients safe.

"The last three months alone have shown alarming surges in ransomware attacks, and I suspect the ransomware threat to get far more worse as we approach the new year. I strongly urge organizations everywhere to be extra vigilant," said Finkelstein.

SEE: Ransomware is your biggest problem on the web. This huge change could be the answer

However, it's far from impossible to protect networks from ransomware attacks. Check Point researchers recommend security patching as a "critical" component of protecting against ransomware attacks, as many exploit known vulnerabilities to gain a foothold on the network.

It's also important for organisations to continuously backup their data, because in the event of a ransomware attack or any other situation that corrupts files and data, the network can be restored from a recent point.

Businesses should also train users on how to identify and avoid potential ransomware attacks, especially if employees are going to be working remotely going forward.

MORE ON CYBERSECURITY