Cybersecurity standards should be treated in the same way as legislative data protection rules in response to cyberattacks including ransomware incidents, a security expert has proposed.
Ransomware has transitioned from a thorn in the side of individuals and a nebulous concern for organizations to a real, and frequent, threat that can result in catastrophic damage to corporate networks, the loss of client records, and the potential leak of confidential corporate information.
Ransomware variants include WannaCry, Petya, Ryuk, and GandCrab -- but there are many, many others. Once a computer system has been compromised, this form of malicious code will encrypt disks and files and will demand a ransom payment in return for a decryption key.
According to Check Point[1], the number of daily ransomware attacks worldwide has increased by half over the past three months -- close to doubling in the United States alone -- as threat actors take advantage of the operational disruption and rapid shift to home working caused by COVID-19.
Ezat Dayeh, Senior Engineer Manager UK&I at Cohesity[2], told ZDNet in an interview that the company has seen a recent and "dramatic" increase in the volumes of ransomware incidents.
As more people are working from home due to COVID-19, this may have introduced new risk factors -- but the increasing sophistication of such attacks is of concern, too.
"When we think about two or three years ago, when people were hit with ransomware, nine out of ten times they would basically say, 'it's definitely impacted production, we've got issues, but we can go back to our backups,' and worst-case scenario, we will just do a restore," Dayeh said. "But now, with that sophistication, the bad guys know this. Ransomware can come into a network [and] it won't