Posted by Timothy Lasonde on Thu, Oct 15, 2020
By Tim Lasonde
OCT 15, 2020 — Over the past few months, our engineers have seen a dramatic increase in ransomware activity. Cybercriminals are using the COVID-19 pandemic, and the fact that the majority of today’s workforce is working from home, to find weaknesses and exploit them.
Ransomware threats are not new. However, recent events, like the presidential election, Covid-19, civil unrest, etc., give criminals additional ammo to fool people into making mistakes online. Research shows, it is not just large organizations, government institutions and the healthcare industry that are vulnerable; everyone’s data is at risk. The fact is, your data is important to you and you’d likely be willing to pay to get it back.
Cybercriminals use malicious software, typically delivered as an email attachment or link, to infect the network and lock email, data and other critical files until a ransom is paid. These evolving and sophisticated attacks cause chaos that cripples day-to-day operations, and results in financial losses associated with downtime, ransom payments, recovery and other unanticipated expenses.
With the pandemic putting millions of workers at home, cybercriminals gained a larger attack surface. Cybercriminals can easily compromise a remote worker’s home network, move laterally to a business network and launch a ransomware attack.
In the last three weeks alone, Focus has responded to three targeted ransomware attacks. All three had the typical suite of prevention measures in place, including up-to-date firewalls, spam filters and antivirus software. Yet all three became victims of a compromised network–each attacked in different ways and infected in various areas of the network.
In other words, the traditional layers of security that were effective in the past are no longer enough to protect us today.
The impact of these infections was significant. Although the Focus team wasted no time identifying infection sources and removing them, the fix for breaches like these are never immediate. All three businesses experienced significant downtime with no access to files, email servers or applications for one or more days, which led to lower productivity and an impaired ability to respond to customers adequately.
As the methods to infiltrate networks have evolved, so, too, have the prevention measures designed to combat them. Strategies that use a layered cybersecurity approach with traditional protection methods and updated strategies are the most effective. Adding things like advanced endpoint protection software and email protection that uses AI to look for key indicators of suspicious activity are becoming just as important as having antivirus on your computers.
While the three customers in the above examples lost no data, and we were able to restore their environments, the attacks could have been avoided altogether with more advanced cybersecurity strategies in place.
The fact is, our customers’ networks have essentially doubled since COVID-19. IT departments struggle to have the visibility and tools available to protect the growing technology ecosystem. But with a layered approach that adds vulnerability management, advanced endpoint protection and advanced email protection strategies, you can protect your data and your company from this uptick in cyber-attacks. With these strategies in place, Focus has maintained a 100% data recovery rate.