Ransomware in the Time of COVID-19

Summary

While businesses and organizations are still struggling to establish work-from-home accommodations and keep their operations running, cyber threat actors have not faltered. Ransomware incidents continue with business as usual, targeting small and medium-sized businesses and large corporations alike. In just the last week, ATM provider Diebold Nixdorf, media and entertainment law firm Grubman Shire Meiselas & Sacks, Pitney Bowes, and the Texas Office of Court Administration all publicly acknowledged ransomware attacks on their networks. In the case of Grubman and Pitney Bowes, the threat actors stole data from the network prior to encryption, an increasingly popular tactic employed by threat actors in an attempt to force victims to pay ransom demands to prevent disclosure of the stolen data. The Ako ransomware variant increased its extorting attempts by demanding two ransoms, one for file recovery and one to not publish stolen data. Ransomware demands have also greatly increased. Coveware reported that the average ransom demand increased to over $110,000 in Q1 2020, up from $87,000 in Q4 2019. Businesses and organizations in New Jersey have also been victimized by ransomware in recent weeks, further complicating operations in a state severely impacted by COVID-19.

Recommendations

The NJCCIC recommends businesses and organizations follow ransomware risk mitigation strategies to reduce their risk of a ransomware infection and ensure they have a comprehensive data backup plan in place that includes keeping multiple, tested copies offline with at least one in a separate and secure location.