A new report from Beazley Breach Response (BBR) Services reveals that the number of ransomware attack notifications against clients increased by 131 percent in 2019, as sums demanded by surged along with the counts.

The exponential jump on the severity side saw cybercriminals asking for seven- and even eight- figures sums in some cases.

According to an announcement about the latest Breach Briefing, the two most common forms of attack to deploy ransomware are phishing emails and breaching poorly secured remote desktop protocol (RDP). RDP enables employees to access their work computer desktops or company’s primary server from home with the press of a button.

“The coronavirus has forced many more employees to work from home and in this pressured environment it is very important that companies take the right steps to reduce the vulnerability of their IT infrastructure.”

Katherine Keefe

That convenience comes with added risks that are heightened now as the coronavirus has forced more employees to work from home, noted Katherine Keefe, Beazley’s global head of BBR Services. Using RDP can make IT systems more susceptible to attack without the right security measures in place, she said in a statement. In the current “pressured environment” created by the need to work for home as the coronavirus spreads, “it is very important that companies take the right steps to reduce the vulnerability of their IT infrastructure.

“Always ensure employees can access their computer using a virtual private network with multifactor authentication,” she said. “It is important to whitelist IP addresses that are allowed to connect via RDP, and make sure that unique credentials for remote access are in place—particularly for third parties.”

Beazley notes that BBR services managed a growing number of ransomware incidents for policyholders that actually resulted from attacks on IT managed service providers and other service companies providing organizations with infrastructure and support services. In some cases, these attacks halted the operations of hundreds of customers downstream from the attacked IT provider.

Keefe noted a troubling evolution in the development of ransomware over the past four years. While earlier ransomware was just used to encrypt a target’s data as leverage for a ransom demand, more recently, attackers have been using ransomware variants in tandem with banking Trojans. “This two-pronged attack leaves organizations not only with the debilitating impact of its critical systems and data being encrypted, but with the added risk of data being accessed or stolen,” she said.

Source: Beazley Group