After 2019 was remembered as the year that ransomware targeted state and local governments, what can be said about ransomware in 2020 – especially during the global coronavirus pandemic?
To start, ransomware made global news headlines this week when a major ransomware attack was thwarted against Tesla. The Associated Press reported that: “Tesla CEO Elon Musk solved a mystery involving a 27-year-old Russian, an insider at an unnamed corporation and an alleged million-dollar payment offered to help trigger a ransomware extortion attack on the firm. …”
Commenting on the same Tesla ransomware story and the wider industry extortion trends, Wired magazine added this context:
“But that kind of inside-man trick is rarer among ransomware gangs, says Katie Nickels, the director of intelligence at security firm Red Canary. ‘This indictment is the first time I’ve heard about an insider-enabled ransomware attack,’ she says. But she says that as the scourge of ransomware grows—along with its payoffs—the groups are adopting more ambitious tactics. ‘It’s part of a larger theme of ransomware adversaries really upping their game.’
Nickels adds that despite Tesla’s success in thwarting the ransomware crew’s insider recruitment, the case should nonetheless serve as a cautionary tale. It may suggest that network defenders need to consider the possibility that not just attackers outside the firewall, but malicious employees within it, could be the origin of an attack. ‘It really changes the game for the defenders. Before today I would not have suggested companies include an insider attacker installing ransomware in their threat model,’ she says. ‘Now everyone has to shift their thinking. If we know about this one case that’s been documented, there might be more.’”
For more on the Tesla ransomware attempt, you can also visit this excellent TechCrunch coverage.
What About Ransomware & COVID-19?
*** This is a Security Bloggers Network syndicated blog from Lohrmann on Cybersecurity authored by Lohrmann on Cybersecurity. Read the original post at: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/ransomware-during-covid-19.html