As predicted in 2019, ransomware has surged in 2020, and the mass shift to a largely remote workforce has amplified existing trends. Observers have noted a sharp increase in hackers targeting employees working from home, taking advantage of how unfamiliar many of them are with telecommuting cybersecurity. With security training and education widely lacking among those who access desktops remotely, cybercriminals see an unprecedented opportunity to collect ransoms.
Learn more about how ransomware is affecting the remote workforce during the pandemic, and how you can protect against it:
Phishing Surges During COVID-19 – What You Need to Know
One of the top cybersecurity lessons learned during COVID-19 is that phishing is the go-to tactic for hackers going after individual employees, though each attacker has a preferred delivery method. The end objective remains the same, as does the thinking behind each technique. The shift to working from home has only exacerbated the factors that make malware infection through spoofing such an effective cyber attack.
The growth of ransomware was a natural evolution of this cybercriminal culture, as it allows for a much quicker, easier and more emotionally driven payday from successfully breaching a network. Instead of shopping for buyers, hackers can sell your data right back to you as a captive market, and if you do not want to pay, they can steal it and use it to threaten your reputation (or compliance). Remote workers are often ideal phishing targets: many neglect strict cybersecurity practices amid the distractions of work and home, and they operate out of sight of underequipped IT departments.
The Russians are Coming – Gangs Target Telecommuters
Ransomware gangs can come from anywhere, but many of the most prolific are from North Korea and Russia. One of the latter, a notorious group calling themselves “Evil Corp” that may be tied to the Russian government, has already been caught targeting at least 31 organizations in the US through their remote workers. Despite already being under the scrutiny of American authorities, they managed to infect and collect $10 million in ransom from GPS giant Garmin – all because an employee fell for a phishing email.
Quite a few high-profile data breaches have been tied to surges in activity by ransomware gangs such as Evil Corp and their contemporaries. It is likely that their committed campaign reflected a general understanding among hackers of the increased cybercrime opportunities during the coronavirus pandemic.
Top Ransomware Used for Remote Workers
Though a successful malware infection too often goes unnoticed, researchers have been able to document the types of ransomware seen most often in 2020. Many collectives have displayed a pattern of shifting between different toolkits for each campaign. However, there are a few repeat offenders that were likely shopped around and bought on the Dark Web. Here are the ransomware families that have been seen the most so far:
- Maze
- REvil
- Ryuk
- Tycoon
- NetWalker
- WastedLocker
- Dharma
- DoppelPaymer
It is important to note that there are many more ransomware families out there that have yet to be uncovered, and even many of the known ones are only verified through their copious usage. While some “families” of ransomware are often associated with a specific gang (often its creator), the toolkits spread through darknet exchanges, and through theft, among hackers with a wide range of skill. Sophisticated hackers are a real danger, but even amateurs can get lucky if they come across a weakly defended endpoint and have the time and persistence to exploit it.
Cybercriminals Exploiting Employees Working from Home
There are many benefits to a distributed workforce despite the cyber risk, but cybersecurity should be the number one concern for telecommuting employees. Bad security practice was unfortunately a common enough trend before COVID-19. This pattern crossed over into the new normal and amplified existing vulnerabilities. Your business must adjust its understanding of IT for a work-from-home environment to limit your attack surface and mitigate the threat of ransomware.
Remote access to business data needs to happen across secure channels and with extra layers of cybersecurity to distinguish real users from intruders. Hackers are exploiting bugs and gaps that were already present before the pandemic, and these are even more exposed for employees working from home with less oversight.
Protect Your Remote Workforce from Ransomware
The ransomware surge is part of a greater cybersecurity crisis that was expanded by the new normal but has been affecting SMBs for quite some time. Cyber threats from within and without are exposing small and mid-sized businesses to increased malware risks. Discover how to identify and combat them with help from SWK.