ABSTRACT

As recently seen with the advent of COVID-19 and according to the FBI, ransomware is the fastest-growing malware threat. Everyone is a target, from the colossus to the home user. More than 4,000 ransomware demands have occurred daily since the beginning of 2016. When surveyed, 81% of cybersecurity experts believe there will be more ransomware attacks than ever in 2020 and 2021. Over 20% of ransomware attacks use social engineering vectors, such as phishing, to deliver the malware. According to PurpleSec, new ransomware variants grew 46% in 2019, and ransomware attacks increased 41% in 2019, with 205,000 businesses that lost access to their files. In 2021, it is estimated that a business will fall victim to a ransomware attack every 11 seconds. In 2020, ransomware costs nearly doubled from US$11.5 billion to US$20 billion. 1

Ransomware and attacks related to COVID-19 were up 30,000% between January and March 2020, according to Zscaler. 2 These attacks include phishing, website exploitation, and malware targeting remote users. Cybercriminals are taking advantage of vulnerable companies, with notable spikes in attacks that can be correlated to key days in the COVID-19 news cycle.

Most recently, cybercriminals are targeting pharmaceutical companies working on clinical trials for COVID-19 vaccines, such as Moderna. These crooks are capitalizing on the vulnerabilities exposed when companies had to shift their resources to protect an attack surface that grew exponentially once every worker was connecting from home.

According to Sean O'Rourke, Cyber Liability Consultant at Combs & Company, “A growing number of ransomware attacks resulted in encryption and data exfiltration in 2020, where the data was ransomed twice. This really started as a backup in case the original ransom wasn't paid; from all I've read and talked to those in the know, it appears to be the new norm now.”

In this chapter, we will discuss what ransomware is, how to have a formal ransomware strategy, ransomware readiness, the evaluation (or cost-benefit analysis) related to paying a ransom, the ransomware recovery time objective, and the ransomware cyber insurance sublimit.