Ransomware: How remote work opened the floodgates

by Tony Richardson CISSP

IN A SHORT MATTER OF TIME RANSOMEWARE HAS BECOME A HUGE THREAT AND FOUND ITS WAY INTO EVERY NOOK AND CRANNY OF THE WORKING WORLD.

It’s currently riding waves; infiltrating the remote work space. As more and more people work remotely, opportunities abound for hackers to infect their computers with malware – particularly ransomware. This makes it easy for them to target anyone from software specialists to admin staff who are working from home or the coffee shop; many of which make perfect hacking targets. Remote workers should make sure they have up-to-date anti-malware software on their devices, as well as updating all passwords after every online session. Remote workers also need to be careful about opening anything suspicious; but we’ll get to that later. 

Remote work is a golden opportunity but it’s also a double-edged sword when it comes to cybersecurity.

What is ransomware and how does it work

Ransomware is a type of malicious software designed to extort money from users by holding their data hostage. The best way for people who are unfamiliar with this threat – like parents, and teens just starting out their careers –  to protect themselves is through thorough security practices at home and elsewhere.

The impact of ransomware on the world has been significant. Recent attacks have crippled the ability of hospitals’ to provide crucial services- amid the pandemic – paralyzing public services in cities, disrupting entire healthcare systems.

Ransomware is the most prominent type of malware meaning that we must be more aware of it in the coming months and years as its sophistication develops. The most common way to get ransomware onto your device is through spam email. The messages usually come with an attachment, which if clicked will install malicious software on the user’s device and grant hackers access rights.

How remote work led to a spike in attacks

Two trends are responsible for a stark rise in attacks in the last couple of years: Cryptocurrency and remote work. By definition ransomware involves extortion and with cryptocurrency and other Blockchain assets at high prices, this is a very common ransom. 

“It’s not a coincidence that there are never-before-seen amounts of ransomware attacks happening exactly as shutdowns forced people to go remote,”  

Paul Martini, CEO of cloud cybersecurity company iboss

90% of ransomware attacks are caused by employees unintentionally exposing vulnerable information and giving device, network and platform access to bad actors.

Without the systems in place provided by employers at designated offices, the responsibility for cybersecurity has fallen into the hands of remote employees. This is a big issue because vast swathes of them don’t have the necessary cybersecurity knowledge to adequately protect their devices from the increasingly insidious risks hackers and digital criminals present. Picture a newly onboarded employee who has only ever met with their employer online, in such a situation a cybercriminal will have a less difficult time posing as a line manager or the CEO. 

The bottom line is that with remote work on the rise, so are ransomware attacks. Stay vigilant.

The impact on employers, employees, and the economy

The rise of ransomware has had a major impact on employers, as it makes them more vulnerable and susceptible to cyber attacks. The once- prized possession that was the company’s data becomes worthless when hackers take over systems demanding ransom in exchange for not destroying whatever information is encrypted – usually with an encryption algorithm which can only be accessed using one single password or key phrase found nowhere else but within this malware program. 

But it’s obviously much deeper. The financial, productivity and time ramifications of successful attacks are often disastrous with long term impacts on an organisation. 77 percent of full-time employees temporarily lost access to systems, and 26 percent couldn’t fully perform their professional duties for at least a week, according to the 2021 Ransomware Impact Report from Keeper Security. This results in lost time, customers, ruined timescales and can land a blow to the reputation of any business. 

$67m. Nope that’s not the total impact on the UK economy. It’s merely the financial impact on UHS, a publicly traded company based in the US, in the last QUARTER of 2020 alone. Ransomware is serious business. 

Preventing an attack from happening to your business or personal devices

A few steps you can take to mitigate the potential impact of ransomware attacks include:

  1. While it’s true that backing up important data is the single most effective way to recover from ransomware infection, there are some considerations. Your backup files should be appropriately protected and stored offline or out of band so they can’t be targeted by an attacker who wants access. Using cloud services could help mitigate this risk.
  2. A good way to ensure that your IT security team knows how best to protect against ransomware is by creating an incident response plan. The document should include defined roles and communications shared during attacks, as well a list of contacts such as partners or vendors who might need notification in case something goes wrong – like if they receive suspicious emails from outside sources. Consider adopting this policy too: it will keep everyone aware at all times so no one has any surprises when handling threats. 
  3. Want to keep your company’s data safe? Then it is important that you restrict access and limit the amount of devices allowed on each port. Remote desktop protocols (RDP), are a favourite entry point for bad actors; don’t give them the chance if you don’t need to. 
  4. In order to stay secure, make sure that your organization’s systems are always up-to-date with the latest updates. You should also turn on auto-updates in order for vulnerabilities like these to be fixed quickly and efficiently without having any downtime or impact on business activities such as workflows.
  5. The only way to stop ransomware is by being aware of it. Employees can protect themselves from malicious emails with security awareness training that teaches them what they should look out for in an email before clicking on any links or downloading attachments.

There are other steps you can take too, which is why you should get in touch with us.

 Ransomware is proliferating as it is ‘largely uncontested’ and highly profitable.

Jeremy Fleming, Head of GHIQ

Conclusion

With ransomware attacks on critical institutions in the UK doubling over the course of 2021, it follows that the risks to businesses of all types is also markedly higher. Don’t be one of them. The ransomware epidemic is only getting worse. It’s not enough to simply be aware of the dangers, you must take action and protect your business with a strong cybersecurity strategy in place before it’s too late. 

Now that people are working from anywhere, anytime, and with any device on hand, it is easy for hackers or malware to infiltrate a company’s network without ever setting foot inside an office building. This makes companies more vulnerable than they have been in years past when employees were required to be physically at the desk during business hours. If you are concerned about your organization’s vulnerability to cyberattacks like this one, contact us.