Security vendors Avast have released figures on the rise of ransomware attacks during the Covid-19 crisis.
Figures have risen globally, and Australia specifically has witnessed a 10 percent increase in ransomware attacks during the pandemic, when compared to January and February 2020.
Most attempts were made in March, while in April the values began to return to normal. Worldwide, Avast experts observed 20 percent more ransomware attacks.
“During the pandemic, in March and April, we had to protect ten percent more users in Australia against ransomware attacks than at the beginning of the year, in January and February,” said Avast malware researcher Jakub Kroustek.
The Australian Cyber Security Centre recently noted that “advanced persistent threat (APT) actors” have been actively targeting health sector organisations and medical research facilities during the Covid-19 crisis, potentially trying to steal research into vaccines and epidemiology.
The number of other types of malware attacks has also increased, and the times of attacks have shifted. “In the pre-quarantine period, it was clear in most countries around the world that malware campaigns were reflecting the work week, with fewer of them being active on weekends than on weekdays. However, these differences blurred during the pandemic, as users and attackers alike probably worked more on weekends and from home,” Kroustek describes of his findings.
Analysts are currently observing two major trends. The first is large-scale attacks targeting end users and smaller manufacturing and service businesses. Ransomware is usually spread through emails, exploit kits or as part of illegal software, and the most common strains have long been Phobos, CrySiS or STOP ransomware.
The second trend is attacks aimed at specific targets, which are either large companies or institutions from the health, transport and education sectors. “We have seen a significant growth of this type of attack, especially in the last year and a half, which has accelerated significantly during the pandemic,” adds Kroustek.
They mainly use vulnerabilities in poorly secured applications (especially RDP) and spear phishing to spread. The most common strains include Sodinokibi, Maze, Nemty or Snake. Their operators are now using a technique called doxing, which allows them to copy victims’ files, such as documents, employee and customer records, or source code, before encrypting them. If the victim refuses to pay the ransom, the attackers will either publish or sell these files on the darknet.
How to protect against ransomware:
● Install an antivirus program that will detect and catch ransomware attacks.
● Always keep all programs, browsers, and the operating system up to date. New updates are important not only because they bring new features, but may also include fixing of security vulnerabilities that can be easily exploited by attackers.
● Back up your data regularly. It is good for all cases to back up to cloud and physical storage.
● If your device is infected with ransomware, first of all disconnect it from the network to prevent the virus from spreading to other devices. Then contact your IT department, or as a consumer, a tech support company.