Can ransomware do more harm when working from home?

What is ransomware?

While all forms of malicious software (malware) are unwanted for the potential harm they can cause to your devices, network, business and personal life, not all of them are designed in quite the same way nor are they created to behave in similar ways.

Indeed, even though malicious entities can proliferate viruses and other forms of malware to extract information that may be valuable to them at a later stage and perhaps pending some sort of modification (e.g. data analysis, information gathering to inform future decisions, e.g.), other entities have a much more short-term and immediate objective in mind: extracting as much monetary value from their victims in as quick and efficient a manner as possible.

This is the purpose of ransomware, a very specific form of malware. Ransomware infects your device, predominantly computers since these are the devices most of us perform our most critical file-based work on, affecting its performance in some way and holding it hostage in exchange for a monetary reward. The majority of ransomware attacks involve the encryption of some or all locally-stored files and a message displayed to the user that their files will remain encrypted for ever unless the attacker is paid a fixed sum of money by a predetermined deadline.

How widespread are ransomware attacks?

Ransomware attacks are far from a novel threat. The earliest incident of ransomware goes back all the way to 1989 when 20,000 floppy disks were disseminated at a World Health Organization conference. The floppy disks contained a Trojan virus which encrypted file names and hid file directories.

Ransomware became much more commonly used in the past decade or so, boosted by the spread of RSA encryption in the mid to late 2000s. Specifically, 2013 is seen as a pivotal year in ransomware, since it was the year in which the first instance of CryptoLocker and its copycat software Locker were recorded. This, of course, coincided with the adoption of various cryptocurrencies, which is the preferred payment method for malicious entities since it facilitates anonymity when receiving the extorted funds.

While the majority of ransomware relies on spear phishing (using seemingly legitimate emails to spread malicious files) to target potential victims, the popularity of social media and their increased functionality has given hackers new means of infecting users and their devices. This was particularly evident in 2016, when an estimated 638 million ransomware attacks took place within the year, driven by the creation and spread of Locky, a ransomware utilizing malicious macros.

Working from home invites ransomware attacks

Although annual ransomware attacks have reportedly fallen since 2016, particularly due to users becoming more educated and aware of these attacks, there was still an average of 192 million ransomware attacks between 2017 and 2019. Moreover, it has been estimated that ransomware attacks have inadvertently incurred a cost of $11.5 billion to users and businesses in 2019 alone.

More recently, though illicit activity as a percentage of the overall cryptocurrency transaction market has fallen from 2 percent to 0.34 percent year on year, there was an overall increase in terms of ransomware activity in general, with ransomware attacks rising by a whopping 311 percent in 2020. The reason for this rise in ransomware attacks is rooted in the coronavirus pandemic and the vast amount of business users who are now forced to work from home.

Why does working from home increase your risk to ransomware attacks?

The first and most obvious reason for the increased exposure to ransomware attacks while working from home is the absence of a firewall and other organisation-specific cybersecurity policies that had previously provided a defensive layer between you and any malicious entities.

As we previously covered here, this is also aligned with the user operating on their home network and all that entails. This has ramifications directly linked to the network equipment deployed at home, as well as in terms of user behaviour being much more relaxed and less disciplined when working outside of the office.

There is also a social element to the increased ransomware risk posed while working from home. When receiving emails from unknown senders which contain weird links or attachments, employees are far more likely to consult with other colleagues or their internal IT department before opening them. This additional filtering process is less likely to occur at home.

In addition, the reliance on email and the resulting increase in email volume when working from home provides hackers with more opportunities to target corporate users, particularly through phishing attacks, since illegitimate emails impersonating as legitimate ones can become harder to spot. This is all the more important when considering how roughly half of organisations fail to provide email security training to their users, a crucial omission in cybersecurity defence.

Finally, the rapid pace of ransomware mutation, meaning the modification to preexisting ransomware code, makes it far less likely that every device used in a remote working setup will have been updated recently enough to deal with every threat that has recently surfaced. Again, this was also covered at length here.

“In this quarter we observed an increase in the number of new ransomware modifications, even though the Gandcrab family closed down in early June. The GandCrab ransomware family has long been one of the most popular cryptors amongst cybercriminals”, said Kaspersky security researcher Fedor Sinitsyn in 2019.

“We expect new actors to replace GandCrab and urge everyone to protect their devices by installing software updates regularly and choosing a reliable security solution”, Sinitsyn added.

How Boltonshield can help

Boltonshield can help you assess your current security levels through a variety of methods, including penetration testing and security audits. This can help you identify problems and potential risks in a proactive manner and address them before they can be exploited.

Boltonshield can provide your organisation with terminal servers which can be used by remote workers. A terminal server can provide a safe, secure and remote working environment, access to organisational resources from wherever they are, as well as a singular point of both entry and maintenance which can be more easily monitored and managed.

You can get in touch with us to find out exactly how BoltonShield can help you by clicking here.

If you want to get updated about our recent publications about cybersecurity related topics, subscribe to our newsletter!

Subscribe to our Newsletter