Ransomware Hits Soar With No Relief In Sight, Insurer Says

By Allison Grande
Law360 is providing free access to its coronavirus coverage to make sure all members of the legal community have accurate information in this time of uncertainty and change. Use the form below to sign up for any of our weekly newsletters. Signing up for any of our section newsletters will opt you in to the weekly Coronavirus briefing.

Sign up for our Cybersecurity & Privacy newsletter

You must correct or enter the following before you can sign up:

Select more newsletters to receive for free [+] Show less [-]

Thank You!

Law360 (June 9, 2020, 9:49 PM EDT) -- Ransomware attacks continued to climb during the first quarter of 2020, specialty insurer Beazley Group reported Tuesday, and companies shouldn't expect any reprieve in the coming months as attackers keep seizing on the security holes and economic fears that the COVID-19 pandemic has created.

Beazley said that it observed a 25% rise in ransomware attacks reported to its breach response team in the first three months of this year compared with the final quarter of last year. While nearly all industries reported incidents, the manufacturing sector had the steepest increase of all, up 156% quarter on quarter, according to the insurer.

Financial services and health care companies were also hit hard, with the sectors combining to account for half of all ransomware attacks reported to Beazley from January through March, the insurer said. These industries were affected in particular by a growing number of ransomware attacks against their vendors and managed service providers, which trickled down to their systems, according to Beazley.

The insurer did note that it's been fielding fewer reports of business email compromise incidents, which decreased 16% in the first quarter. But it stressed that the problem "certainly has not gone away" and pointed to "behavioral changes" spurred by the pandemic, including newly remote employees being less responsive to emails in general, as a likely reason for this "temporary reprieve."

The outlook for the second quarter, which concludes at the end of this month, isn't much better for companies, the insurer said.

Since states began shutting down non-essential services in the middle of March to fight the spread of the coronavirus, experts have seen a dramatic increase in data security incidents — including ransomware attacks that seek to lock targets out of their systems and phishing incidents that try to trick recipients into giving up their personal information — as attackers use the health crisis to exploit vulnerabilities like distracted workers and stretched-thin IT staff.

Beazley pointed to research conducted by security awareness training experts, KnowBe4, that shows that COVID-19-related scams ranging from fraudulent social media posts, text message phishing and, above all, email phishing have "skyrocketed" during the shutdown, and the insurer predicted that these threats will continue to accelerate in the coming months.

"Cyber criminals prey on people's heightened anxiety during this pandemic, tricking them into clicking and sharing links that steal information," Katherine Keefe, Beazley's head of breach response services, said in a statement Tuesday. "Also, those working from home may have weaker IT security than corporate networks typically provide. Organizations must ensure their security systems and protocols are up to date and ensure that working from home colleagues are extra vigilant."

Aside from taking advantage of remote workers being outside the normally robust security protections that their corporate networks provide, scammers are also seizing on fears and a range of other emotions that have been exacerbated by the health crisis, according to Beazley.

"As ... the economic fallout of the pandemic response worsens, cyber criminals will seek to exploit fear of financial insecurity and a natural desire for things to return to normal as powerful motivations for phishing campaigns," the report said.

The scammers are using both older templates and schemes that have been updated with COVID-19 themes as well as new templates designed exclusively for the health crisis that move beyond merely offering new information on the outbreak in order to carry out their hits, KnowBe4 has reported.

Some of the most common schemes on KnowBe4's radar involve scammers sending phishing emails and text messages informing individuals that they need to register and provide their personal information on a website to receive a payment that's due to them under the CARES Act that was passed by Congress earlier this year, according to Beazley.

"A typical example would involve the victim following a link, where they are asked for bank account information and a Social Security number for the deposit, as well as other sensitive information," the insurer said.

Scammers are also sending messages that appear to come from the White House with the most recent federal guidance about the outbreak to convince people to click on a link that downloads an infected Microsoft Word document onto the target's computer, and they are also setting up fake social media accounts mimicking legitimate companies, according to Beazley.

In a particularly "prolific" ruse, scammers pretend to offer a limited number of families an hour to shop for free in their store and then entice users to click on a link that sends them to website hosting malware or a questionnaire that promises hundreds of dollars in coupons if they fill out a survey, the insurer said. One scam page had almost 5,500 followers after less than 14 hours of being created.

"Organizations that have quickly expanded their remote workforce and now have a larger attack surface will need to be more vigilant than ever to protect against business email compromise, credential theft, and phishing that opens the door to ransomware and other malware," the report said.

The findings released Tuesday build on a March report in which Beazley said the number of ransomware attack notifications it had received from its clients in 2019 was up 131% from the year before, and that the sums demanded by attackers had also skyrocketed, at times reaching seven or eight figures.

The insurer noted at the time that the risk of attack is heightened when employees work remotely, and warned that employers need to be especially diligent about combating vulnerabilities in their IT infrastructure as more people work from home during the coronavirus pandemic.

--Additional reporting by Hailey Konnath. Editing by Brian Baresch.

For a reprint of this article, please contact reprints@law360.com.

Hello! I'm Law360's automated support bot.

How can I help you today?

For example, you can type:
  • I forgot my password
  • I took a free trial but didn't get a verification email
  • How do I sign up for a newsletter?
Ask a question!