Because of the nature of ransomware attacks and the mass numbers of workers at home, anti-malware vendor Emsisoft believes we’re going to see a rise in ransomware attacks once work returns to normal.
Ransomware is a numbers game: launch enough attacks and a percentage of them will return revenue to you. This rings true regardless of whether attacks target specific organizations or are part of a mass emailing to millions of email addresses. But, according to security researchers at Emsisoft, we’re seeing a lull in successful ransomware attacks because of the pandemic.
Here’s the thinking: ransomware attacks function in stages. The first stage is reconnaissance, where the initial infection checks whether the compromised endpoint is valuable enough to justify launching a full ransomware attack. We’ve seen infostealer malware collect all kinds of information, which gives an idea of how granular a cybercriminal can be before instructing the initial malware to contact a C2 server and download the ransomware payload. So, with 61% of remote workers using personal devices, it makes sense that cybercriminals are holding off on completing the attack: holding a single personal device for ransom isn’t profitable.
Once employees return to the office – at least 41% of employees intend to – the idea is that they will resume working on their corporate devices (the ones connected to every other corporate device on the network). This is a far better-looking prospect if you’re a cybercriminal intent on using ransomware to make money.
Emsisoft also warns about corporate devices returning to the corporate network, stating that network segmentation for these endpoints should be in place to minimize the impact of any dormant ransomware waiting to run once the device is back in the office.
They also recommend that employees be enrolled in Security Awareness Training, as two-thirds of employees received no training in the last year. This will dramatically lower the likelihood of a successful attack should cybercriminals send another phishing email to the same user who fell for an attack while working at home on a personal device, this time attempting to infect their business endpoint.