Why Is Ransomware Spiking Now (And How Can We Fight It)?

The pandemic has created unexpected challenges, and cybersecurity is no exception. While ransomware had been tapering off, it’s increased since March.

Things seem to have settled into a tenuous rhythm since the initial shock to our institutions caused by the coronavirus pandemic. The shift to an all- or mostly remote workplace has not been without its hiccups but has allowed many companies to continue doing business while stemming the spread of the virus. This new, sudden and unexpected way of working, though, has had consequences. Just as there have been – and will continue to be – unforeseen social, economic, infrastructural and individual challenges as a result of the pandemic, there have also been unanticipated challenges in the world of cybersecurity.

Cybersecurity pros, working in an already high-stress profession, have had, like so many others, to maintain peak performance amid extreme uncertainty while balancing work and home commitments suddenly heaped upon them. More surprisingly, even the threats that cybersecurity pros need to stave off have changed. For example, ransomware, a type of malware attack that had actually been experiencing a bit of a downturn pre-pandemic, has skyrocketed since mid-March 2020, outpacing other common cybersecurity threats.

The question is, why? Why not spikes in any number of advanced enterprise data breaches? Why not an avalanche of other malware or more advanced forms of fraud? Why is ransomware, in particular, exploding?

The answer is found in the destructive synergy between a world plunged into chaos and ransomware’s unique profit model. Digging into the specifics of ransomware attacks, and understanding why this mode of criminality is a perfect fit for the weaknesses the pandemic has imposed on enterprise IT, can teach us a lot: specifically, what steps businesses and their CompTIA-certified cybersecurity pros will have to take to harden their defenses and keep enterprise systems and employees alike safe from exploitation.


Low Risk, High Reward: A Perfect Storm for Ransomware

The massive increase in people working from home has opened up a whole new world of ransomware victims for a few different reasons. Work-from-home employees are often using their own devices, meaning the cybersecurity department has no view into the applications, configurations, data or any other element that might help head off an attack.

Even if cybersecurity pros at a given company have practices in place for pushing out patches and upgrades to work-from-home devices, the sheer volume of traffic going through virtual private networks (VPNs) has positioned businesses to prioritize other things over rolling out patches critical to maintaining enterprise-grade security.

And these same users whose computers are not appropriately secured are no longer protected by perimeter security that would knock out obvious ransomware emails or block traffic to sketchy websites. The most successful criminals always go with what’s easiest first, and with a world of panicked people computing from insecure environments, making money via ransomware suddenly got way easier. In other words, more unprotected endpoints means more opportunities.

While ransomware originally targeted individuals, in recent years targeting enterprises in areas like financial services or health care emerged as a more lucrative hustle. Such businesses store sensitive data, like personal or financial information, that they absolutely need to do business. Because of that, companies are more likely to pay up – and pay big – to get their records back, much more so than a home user with a drive full of family photos who happened to click on the wrong link.

Unfortunately, during the pandemic we’re seeing the worst of both worlds. With an unprecedented number of people suddenly computing from home, stressed, and vulnerable to exploitation, the private end user is once again a target – and a convenient gateway to an employer.

Amid the ongoing economic chaos and uncertainty, businesses that might normally spend time with cybersecurity consultants figuring out how to decrypt, contain or circumvent malware are already overwhelmed. The last thing any business needs right now is downtime, so companies are more likely to pay up and try to make the problem go away.

However, new research continues to show that paying the ransom rarely works in a business’s favor. For instance, businesses that do not pay lose an average of $732,000 in downtime, remediation costs and the like, but businesses that pay end up losing, on average, $1,448,000. This is consistent with other findings that indicate only 26% of the enterprises that paid a ransom actually got their data back.

The perception though, not the reality, is what moves end users and businesses to pay up – and what keeps ransomware spreaders in business.

New Takes on Old Scams

There are other understandable, very human weaknesses that ransomware spreaders have been taking advantage of throughout the pandemic. A flood of ransomware vectors disguised as pandemic-related news links is one of them. Since the pandemic is the news these days, links related to therapeutics, vaccine timelines and the like provide bad actors an opportunity to deceive.

And since they are remote versus on site with an IT department, employees may need to install video conferencing software and other programs they might not be familiar with. Ransomware can be disguised as these business-critical tools.

Simply put, we’re living in a world where people are more easily tricked and more likely to pay, and the technological fail-safes we rely on to protect ourselves are compromised as well. As with all pandemic-related challenges, protecting enterprises from ransomware given these circumstances is an intimidating task.

Fighting Chaos with Coordination

In the years preceding the pandemic we often talked about the challenges of keeping an increasingly remote workforce cybersecure. The pandemic forced us to make a quantum leap forward in our adoption of work-from-home technology. The cybersecurity concerns we now face have grown and expanded in unpredictable ways.

We can handle these new challenges, though, with the right methods.

Cybersecurity pros can help in the following ways:

  • Enact enhanced cybersecurity communication strategies to educate end users in easy-to-understand language about the types of threats they might encounter and how to avoid them.
  • Act on threat intelligence, and harden endpoints and cloud apps appropriately.
  • Develop new creative methods of mitigating ransomware attacks to make sure that end users aren’t forced into paying up and data remains unequivocally safe.

While these are only a few suggestions for stemming a ransomware epidemic in a panicked world, their common trait is that they rely on organized, thoughtful strategy. Granted, remaining calm has grown more difficult amid the crisis of the pandemic, but proceeding rationally is one of the most powerful tools we have in any crisis.

The knowledge and trusted skills conferred upon cybersecurity staff with CompTIA certifications act as a foundation for organized thinking. Whether we’re taming the massive onslaught of pandemic-era ransomware or fending off the next spike in opportunistic cybercrime – organized thinking and strategy created and deployed by skilled, CompTIA-certified cybersecurity pros will get us through these unprecedented times. 
