Barracuda researchers highlight the spike in ransomware attacks on the back of the COVID-19 pandemic and remote working scenario


India, Friday, August 28, 2020: Barracuda Networks, a trusted partner and a leading provider of cloud-enabled security solutions, highlights the spike in ransomware attacks on the back of the COVID-19 pandemic and remote working scenario. Barracuda researchers have identified and analysed 71 ransomware incidents wreaking havoc on government, healthcare, and education organisations.

Although ransomware has been around for more than two decades, the threat has been growing rapidly in recent years. Cybercriminals use malicious software, delivered as an email attachment or link, to infect the network and lock email, data, and other critical files until a ransom is paid. These evolving and sophisticated attacks are damaging and costly. They can cripple day-to-day operations, cause chaos, and result in financial losses from downtime, ransom payments, recovery costs, and other unbudgeted and unanticipated expenses.

In addition to stealing data, encrypting files, and demanding ransom, cybercriminals are also demanding payment from victims in exchange for not publicly disclosing the information they obtained, disclosure that could cause public humiliation, legal issues, and hefty fines. Many cybercriminals are now combining the use of ransomware and data breaches to double the leverage over their victims in this way. Of the attacks studied, 41 per cent were a combined ransomware attack and data breach. If the ransom is not paid, victims’ data is dumped on the threat actors’ servers or auctioned off on the dark web.

Cybercriminals are now setting their sights on education and healthcare. The steady attacks on healthcare are no surprise, as a variety of cybersecurity threats and attacks related to the pandemic have been widely reported. Attacks on education, including institutions of higher learning, include the theft of personal information and medical records, as well as healthcare research. Logistics-related attacks are also on the rise. These attacks on logistics companies can seriously hamper the ability to move goods, including medical equipment, personal protective equipment, and everyday products.

Speaking on the threat spotlight, Murali Urs, Country Manager-India, Barracuda Networks, commented, “With the pandemic forcing millions of workers to switch to a completely remote working model in such a short space of time, it brought with it a myriad of security challenges for businesses. Cybercriminals have taken it as an opportunity to access a massive attack vector. The weak security of home networks makes it easier for them to compromise them, move laterally to business networks, and launch ransomware attacks. Foreseeing their innovative and adaptive nature, we at Barracuda Networks are delivering innovative security products that are easy to deploy and can ensure to safeguard companies and individuals against the attacks.”

The rapidly evolving email threat environment requires advanced inbound and outbound security techniques that go beyond the traditional gateway. This would include closing the technical and human gaps, to maximise security and minimise the risk of falling victim to sophisticated ransomware attacks.

While many malicious emails appear convincing, spam filters, phishing-detection systems, and related security software can pick up subtle clues and help block potentially threatening messages and attachments from reaching email inboxes.

An advanced network firewall capable of malware analysis provides a chance to stop an attack even when a user opens a malicious attachment or clicks a link to a drive-by download, by flagging the executable as it tries to pass through.

For emails with malicious documents attached, both static and dynamic analysis can pick up on indicators that the document is trying to download and run an executable, which no document should ever be doing. The URL for the executable can often be flagged using heuristics or threat intelligence systems.

Spammers are increasingly using their own infrastructure and often use the same IPs long enough for software to detect and add them to blocklists. Even with hacked sites and botnets, once a large enough volume of spam has been detected, it’s possible to temporarily block attacks by IP.

Organisations can make phishing simulation part of security awareness training to ensure that their employees can identify and avoid attacks. Meanwhile, in the event of a ransomware attack, a cloud backup solution can minimise downtime, prevent data loss, and restore the systems quickly, whether the files are on physical devices, in virtual environments, or in the public cloud. The 3-2-1 rule of backup must be followed: three copies of files, on two different media types, with at least one copy offsite, so that the backups are not affected by a ransomware attack.