Ransomware Attacks, Funds Demanded Soared in 2019: Beazley

April 6, 2020

The number of ransomware attack notifications against insurance clients increased by 131% in 2019 and the funds demanded by the attackers surged along with the counts.

According to a new report from specialty insurer Beazley’s Breach Response (BBR) Services, cybercriminals have been asking for seven- and even eight-figure sums in some cases.

The two most common forms of attack used to deploy ransomware are phishing emails and breaches of poorly secured remote desktop protocol (RDP) access. RDP enables employees to access their work computer desktops or their company’s primary server from home with the press of a button.

That convenience comes with added risks that are heightened now as the coronavirus has forced more employees to work from home, noted Katherine Keefe, global head of BBR Services. Using RDP can make IT systems more susceptible to attack without the right security measures in place, she said in a statement.

She said that in the current “pressured environment” created by the need to work from home as the coronavirus spreads, it is very important for employers to reduce the vulnerability of their IT infrastructure.

“Always ensure employees can access their computer using a virtual private network with multifactor authentication,” she said. “It is important to whitelist IP addresses that are allowed to connect via RDP, and make sure that unique credentials for remote access are in place—particularly for third parties.”

Beazley’s BBR Services managed a growing number of ransomware incidents for policyholders that actually resulted from attacks on IT service providers and other companies providing support services. In some cases, these attacks halted the operations of hundreds of customers downstream from the attacked IT provider.

Keefe cited a troubling evolution in the development of ransomware in recent years. While earlier ransomware was just used to encrypt a target’s data as leverage for a ransom demand, more recently, attackers have been using ransomware variants in tandem with banking Trojans. “This two-pronged attack leaves organizations not only with the debilitating impact of its critical systems and data being encrypted, but also with the added risk of data being accessed or stolen,” she said.