In June, Israeli business daily Calcalist reported that Sapiens, a software company, had paid $250,000 in bitcoin to end a ransomware attack. The breach is thought to have happened when employees started working from home due to Covid-19, according to the article. Sapiens has neither confirmed nor denied the story, and did not respond to a request for comment.
The case highlights how the pandemic has greatly increased the risk to companies from cyber-attacks. Amid the shift to remote working, fraudsters now have many new avenues to trick their way into corporate IT systems. It also underlines the difficult communications choices that come with a cyber-incident. In many cases, companies attempt to sort out the problem behind the scenes. There is no guarantee, however, that paying up will end the matter – or even keep it private.
Threat surge
Cyber-security firms report a huge surge in attacks against companies and other organizations since the start of the pandemic. The number of ransomware reports climbed 715 percent in the first half of 2020, according to a study by BitDefender. Over the same period, 40 percent of Covid-related emails were tagged as spam, with many of them purporting to come from governments or international bodies such as the World Health Organization.
‘The global pandemic has expanded the potential attack surface of the corporate world, given that we now have millions of employees working from home,’ says Chuck Seets, Americas assurance cyber-security leader at EY. ‘You have folks who may never have worked from home before. They may not be as sensitive to cyber-security risks, or attuned to practicing good cyber-security hygiene.’
BlackFog, a data privacy company, is maintaining a list of publicized ransomware incidents. During the year it has recorded dozens of attacks against public companies, including IT services giant Cognizant, carmaker Honda and Swiss manufacturer Stadler Rail, which released a statement saying it had been targeted with malware. The offenders had tried to ‘extort a large amount of money from Stadler and threatened the company with the potential publication of data,’ reported the firm, although its back-up systems enabled it to keep its production lines in operation.
Ransomware incidents today have a higher likelihood of creating a reporting requirement or public discussion, says Siobhan Gorman, a partner at Brunswick Group and former journalist covering national security and law enforcement. Over the last six months, hackers have increasingly combined ransomware attacks with data theft, which creates additional complications for targeted companies, she explains.
‘You see hackers going in [to your systems], carrying out reconnaissance, stealing data and then, in the final measure, applying ransomware to your systems in order to lock down some part of your operations or business processes,’ Gorman says. ‘Email functions get hit a lot.’
This is an extract of a feature from the Winter 2020 issue of IR Magazine.