The Virus and Ransomware
By David Opderbeck
In the middle of the pandemic, things we used to take for granted feel frightening. A trip to the grocery store, taken only when truly necessary, seems like stepping onto the set of a post-apocalyptic movie, as shoppers eye each other suspiciously from behind face masks while picking over thinly stocked shelves. Cyber criminals, unfortunately, know how to prey on these fears. From early in the COVID-19 crisis, cybersecurity experts have warned about a rise in social engineering attacks, including phishing emails, spoofed websites impersonating public health authorities such as the World Health Organization and the U.S. Centers for Disease Control, and fake coronavirus mobile apps.
Some of these social engineering campaigns have been linked to ransomware attacks on health care facilities, financial services providers, and other essential businesses. A study done by Carbon Black, for example, showed a 148% increase in ransomware attacks between February and March 2020. Another study, released by Check Point Research on April 16, 2020, found that ransomware attackers are increasingly engaging in “double extortion.” This kind of attack begins as a typical ransomware incident: the attacker encrypts the victim’s data and demands a ransom to decrypt it. It also adds a second stage: the attacker makes a copy of sensitive data and then, after receiving the decryption ransom, demands a second payment to prevent public disclosure of the stolen data.
Although the COVID-19 crisis creates fear, it also prompts generosity and altruism – ranging from the heroism of front-line health care workers to everyday acts of kindness like checking in virtually on friends and neighbors. At the start of the crisis, leading ransomware groups such as DoppelPaymer and Maze seemed to join this wave of altruism by promising to avoid attacks on health care facilities. These groups try to position themselves as modern-day cyber Robin Hoods, stealing from wealthy banks and other for-profit companies while avoiding entities such as health care facilities that serve the poor.
Almost immediately after this promise, however, Maze hit Hammersmith Medicines Research, a British company that may serve as a COVID-19 vaccine test center. The truth is that these are ruthless organized crime operations that will not hesitate to take advantage of this crisis.
Now more than ever, even as we practice social distancing to flatten the curve of the coronavirus infection, we need to practice good cyber hygiene to flatten the curve of cyber attacks. It’s a good time to remind employees working from home of some basic principles:
- Be wary of texts or emails that seem unusually alarmist or urgent, particularly if they purport to originate from high-level government or corporate sources.
- Avoid apps and websites that claim to offer some inside information or cures beyond what is being reported by official government sources and reputable news outlets.
- If presented with a request for information that seems suspicious, use recognized channels, including a phone call to the supposed source, to confirm whether the request is authentic.
- Notify the appropriate persons in your organization of contacts that appear to be social engineering scams.
David Opderbeck is a Professor of Law at Seton Hall University School of Law and specializes in intellectual property, cybersecurity and technology law and policy. He also currently serves as the Co-Director of the Gibbons Institute of Law, Science & Technology. Professor Opderbeck's biography and publications are available online.