Back to top

Cyber Threats as a Result of COVID-19: Part 2

Ravi Das

In our last article, we reviewed one of the major cyber threats surrounding COVID-19 vaccines – namely that of BEC Attacks. In this one, we examine yet another major threat vector: ransomware.

What Is Ransomware?

This is a term that most of us have heard about, especially late last year, when the number of Ransomware attacks really impounded the healthcare industry, and continues to do so today. But what is it all about? Essentially, it is a Malware that is deployed onto your computer. It can come from several sources, but most often, they arrive in the form of a Phishing Email.

The payload (which is really the Malware) can then be downloaded onto the victim’s computer by either clicking on a phony link or downloading an attachment (such as that of a .DOC or .XLS file extension). It is important to note that simply downloading an attachment does not always deploy the payload but can based on what the victim does after.

But here is where a ransomware attack differs from a phishing attack. The malicious payload then takes over the entire device of the victim. Once this happens, the screen gets locked, and all the files that reside within the device become encrypted, rendering them totally useless.

After all of this has taken place, the bad actor then reaches out to the victim asking for some type of ransom payment to be made. But rather than paying via cash, the payment must be made via a virtual currency, such as that of bitcoin. In this way, it becomes much more difficult to track down the bad actor.

Theoretically, once the payment has been received, the bad actor will then send over the decryption keys to the victim so that they can unlock their device and access their files once again. But in reality, this rarely ever happens.

So, given just how powerful ransomware can be, it is now quickly becoming the tool of choice for the bad actors when it comes to launching various threat vectors regarding the COVID-19 vaccine.

As a result, any individual or entity can become a victim here, ranging all the way from the manufacturers of the vaccine down to the physician that is administering the shot.

The Types of Ransomware Attacks

There are numerous strains of ransomware that have existed for quite some time, and these have served as the basis for the new threat variants that we are seeing today. Some of these include the following:

  1. The Cryptolocker: What makes this strain so dangerous is that it makes use of some of the strongest and most powerful encryption algorithms in existence. The only way a victim can get their heisted files back is if they pay the actual ransom. But as previously mentioned, there is no guarantee in this whatsoever.
  2. The Wanna Cry: This type of ransomware is probably the one that people have heard about the most. It got so bad at one point, that it infected over 125,000 businesses in 150 countries at the same time. Some of the other variants that have come out of this have also been termed as “WCry” and “WanaCrypt0r” by both malware and cyberthreat researchers.
  3. The Bad Rabbit: This is a variant which has been notoriously used upon Adobe-based products, especially those of Flash. Unlike the ransomware variants, this has been targeted specifically towards businesses that have their base of operations in Eastern Europe.
  4. The Cerber: Just like the last one, this piece of ransomware also has a specific focus: The devices that make heavy usage of Office 365. In this instance, very sophisticated phishing emails are transmitted out to the victims, enticing them to click on a link or to download an attachment.
  5. The GoldenEye: This is an actual strain of the ever so popular “Petya” ransomware. It too has a specific focus as well, in that uses the tactics of social engineering in an effort to obtain the Personal Identifiable Information (PII) datasets of both employees and customers from the Human Resources Department of a particular business.
  6. The Jigsaw: This strain is deemed to be one of the worst of its kind. For example, the encrypted files of the victim will start to get deleted after 72 hours if the ransom is not paid out to the bad actor.

How To Avoid Becoming A Victim

The question now is how does a business or an individual avoid being a victim of a ransomware attack? The truth of the reality is that anybody can become a victim, despite taking all sorts of security precautions.

The key here is to mitigate that risk from actually happening. The best way to do this is to maintain a proactive mindset, such as creating backups of all your files and datasets on a regular basis.  It is important to note that you will want to make multiple copies of your backups as well, both in the cloud, and offsite, just to have redundancy.

That way, in the unfortunate chance if you do become a victim, you can get new devices and restore the impacted files onto them and discard the ones which have been infected. Or, if you make use of a cloud-based solution (such as that of AWS or Microsoft Azure) you can in a matter of minutes create new Virtual Machines (VMs) and restore the data into them as well.

Now the question arises – should you ever pay the bad actor that ransom? There are differing views on this and will be covered in more detail in a future article. If you have questions or concerns regarding your organization’s security posture, Logically is here to help. Schedule a call with an expert today.