A recent report from analysts at Atlas VPN found that as the pandemic continued more and more threat actors were using it as an avenue of attack. Covid related trojan infections shot up 228% in the third quarter of 2020, compared with the previous quarter.

They found that malicious campaigns typically use pandemic-related subjects, including testing, treatments, cures and remote working to lure targets into clicking or downloading malicious entities.

Rachel Welch, COO of Atlas VPN says that panicking citizens often forget basic cybersecurity practices and fall into the trap: “To protect yourself online. Strictly only download from reputable websites or other sources. Make sure to keep your operating system and other software up to date, attackers often exploit software vulnerabilities that are only available on outdated platforms.”

KPMG’s research supports the trend that criminal groups have switched to Covid-19 themed lures over the last year, exploiting consumer and employee anxiety.

KPMG established, what was well known and feared, that remote working increases the risk of a successful ransomware attack significantly. This is due to a combination of weaker controls on home IT and a higher likelihood of users clicking on pandemic themed ransomware emails.

Some current lures include…

• Information about vaccines, masks and short-supply commodities like hand sanitiser
• Financial scams offering payment of government assistance during the economic shutdown
• Free downloads for technology solutions in high demand, such as video and audio conferencing platforms
• Critical updates to enterprise collaboration solutions and consumer social media applications

That standard preventative and detective organisational controls have had to adapt to permit flexible working and internal security teams are managing incidents in unfamiliar conditions – such as lockdown – has also led to further challenges.

McAfee found several strands of malware using Covid related tactics too. The first threat was Ursnif, a banking Trojan, back in January. Other ransomware strands are Fareit – an information stealer that heists data from web browsers and email clients and Netwalker a ransomware which has used the filename “CORONAVIRUS_COVID-19.vbs”. But first prize for pandemic-related innovation goes to Azorult , a malware that steals data from the victim's machine. Uniquely, the creators of Azorult created a fake Coronavirus infection map website.

Now we know the threat, here are 10 ways you can protect your business from ransomware

1. Give staff a practical guide on what to do if their device is compromised. Reassure them about any personal threats received, provide details who to call and what to do with the infected device including disconnecting it from the internet.
    
2. Reinforce a no blame culture. It’s more important that staff feel confident to report incidents and allow the organisation to deal with the consequences.
    
3. Ransomware can overwrite incremental and other online backups. Take regular, full system backups of your servers, databases and filestores, and make sure you confirm the validity of those backups.
    
4. Consider more thorough checking of embedded email links, including blocking uncategorised websites, using Microsoft Advanced Threat Protection (ATP) safelinks functionality or using a DNS filtering service such as the Quad 9 from the Global Cyber Alliance.
    
5. Many current attacks exploit scripting infections. Consider stricter ‘safelisting’ of programs to limit application use to productivity and necessary audio/video conferencing tools for most remote workers.
    
6. Use an additional archive copy of key servers and data sets that are stored off-line or in a form that can’t be tampered with by a criminal who acquires domain administrator rights.
    
7. Review ransomware incident playbooks and ask whether physical lockdown restrictions may change the way the incident is managed.
    
8. Ensure incident response teams can travel, that they have letters confirming their status as critical workers if challenged, and that they're able to gain access to key sites/premises which may not be fully manned.
    
9. Understand what support any retained cyber incident response firm and existing cyber insurance policy can provide.
    
10. Practice an incident drill while working remotely.