The Pandemic’s Impact on Ransomware

Below are just a few examples of how the COVID-19 pandemic has affected enterprises and “regular” people alike from a cybersecurity perspective:

• US Homeland Security warns on August 12, 2020 that malicious cyber actors “spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails.”
• Home delivery explosion? In the quarter ending August 31, FedEx grew from 8.8 million daily deliveries to 11.6 million daily deliveries. Cyberthieves recognize this exploitable opportunity by using an Avaddon phish in a fake email from FedEx that, according to a recent ComputerWeekly article, “uses an embedded malicious link to deliver Avaddon ransomware and Racoon Stealer.”
• VMWare/Carbon Black has released a fascinating study that shows not only a 148% increase in ransomware attacks, but also provides interesting information about targeting of attacks “Correlated to Notable Coronavirus News” [and events.]

Back to School Evolves and Increases the Impacts of Ransomware

The University of Utah recently experienced a ransomware attack resulting in a $450,000+ payment to the attacker, but the payment was not just for the key to decrypt files that were attacked. In a statement by the University, the moneys were paid primarily “to ensure [private] information was not released on the internet.” Cyber criminals threatening the release of private data in conjunction with illegally encrypting data is a serious evolution in ransomware attacks and hits at the very heart of compliance concerns.

Becoming More Ransomware Resilient

With over 50% of organizations surveyed as not capable of surviving a disaster and 91% experiencing a tech-related business disruption, all business needs to consider methods to become more ransomware resilient. For its separation from local and local network-based assets, assure you have cloud backup and restore capability that also meets compliance requirements. Ransomware often targets resident backups and can also seek backups on shared network drives indicating that an automatic cloud-backup strategy, for device and network storage, can significantly reduce the potential impacts of ransomware. Other ransomware resilience considerations:

• Employ a multi cloud strategy: A multi-cloud strategy can help ensure your environment is spread out between multiple providers so that if one of them experiences an attack, the rest of your environment is quarantined.
• Follow the 3-2-1 rule:The rule is 3 different copies of your data, on 2 different media, 1 of which is offsite. Consider sending your backups offsite to the cloud or even tape using a cloud-based solution such as Otava Cloud Connect.
• Use air-gapping for extra resilience: Air-gapping is defined as taking your media offline. Powering off VMs, auto-ejecting removable storage, and using an out-of-band protection solution where backups are taken via the same backup copy job on the network, then automatically sent to a service provider in the cloud, are all ways of air-gapping your backed-up data.
• Use different credentials for backup repositories: Use separate credentials for each of your backup repositories. If one set of credentials is compromised, you can still rely on your other repositories. Also, restrict user permissions as much as possible, this could help prevent the infection from spreading.
• Use updated Email and web filtering tools: Prevent ransomware from getting to you in the first place, most ransomware infections start with email phishing attacks.
• Consider implementation of Zero Trust: Zero trust is an initiative to move from “trust but verify” to a “never trust, always verify” approach. In practice, this model considers all resources to be external and continuously verifies trust before granting only the required access

With ransomware costs estimated to approach nearly $1.5B in the US during 2020, it’s important for your business to implement the highest level of resilience possible against this evolving disaster. If you are looking for more help increasing your ransomware resilience, Otava can help. Our Veeam Availability Suite offers ransomware protection, powered by Veeam. Get seven-day backup protection that leverages Veeam Insider Protection, ensuring your data remains intact even if a malicious third party remotely wipes your backup data. Start with a free 30 day trial or contact us to learn more.

Related Articles

Looking to learn more about ransomware? Check out the articles below. Have more questions? Our team of experts is happy to help. Simply contact us or call 877-740-5028.

What are the top sources of ransomware infection?

What is ransomware and how do you protect against it?

Video:  Ransomware preparedness with Otava, Veeam and MSPs: Our panel covered many topics in a roundtable-style discussion, starting first by reviewing the main strains of ransomware prevalent in the industry today, and what they’re seeing in terms of risk mitigation.