A New Era of Ransomware


As businesses, executives and staff seek ways to endure the global pandemic, no one predicted the cybercrime wave that has hit in 2020. Attack vectors shifted when companies quickly switched to work-from-home (WFH) operations, and there has been a marked increase in ransomware attempts in the last six months alone. Ransomware is a type of malware used to extort money from a computer user by taking control of the victim’s machine (or corporate network) and either locking it or encrypting the documents stored on it until a ransom is paid. Sometimes the perpetrators threaten to publish the data if the victim refuses to pay. According to analysts specializing in ransomware incidents, there was a distinct increase in Remote Desktop Protocol (RDP) intrusions in Q2 this year, and payouts averaged $178,254, up 60% from Q1.


A One-to-Many Attack

In May, Blackbaud – a publicly traded company providing fundraising, financial processing and program management software to charities, K12 schools, universities and healthcare organizations – suffered a ransomware attack. The company is now the defendant in a class action lawsuit filed by several schools, nonprofits and other organizations whose students, donors or patients entered sensitive and/or identifying information into the Blackbaud software and supporting infrastructure. While Blackbaud prevented the cybercriminal from blocking access to its system and encrypting files, the hacker removed a copy of a subset of data, thus executing a double-extortion ransomware attack. Blackbaud paid the ransom in bitcoin and claims it received confirmation that the copy of the subset data had been destroyed. The plaintiffs in the lawsuit are not convinced.


Blackbaud has instructed those affected by the incident to monitor credit card and bank accounts, as well as additional personally identifiable information including addresses, Social Security numbers and phone numbers. The undertone of the notification is clear. There are many unsuspecting donors to charities, patients of healthcare providers and students of all ages who now have personal data at risk of exposure on the Dark Web, which opens them up to fraud and unsolicited contact.


Preventive Measures

Generally, a ransomware assault goes hand in hand with an undetected phishing attack, and phishing campaigns are fed by personal information easily available for sale by data brokers. Insite offers mitigating strategies that can help thwart a ransomware attack before it happens.

  • Since WFH staff are the most vulnerable targets of cybercriminals, it is now time to educate employees to recognize phishing and other social engineering ploys. Insite delivers baseline testing to assess the vulnerability of phish-prone users through a simulated phishing, vishing or smishing attack program. Then tailored training plans are provided for each user based upon baseline testing results.

  • Insite's Personal Information Removal (PIR) Program helps reduce the proliferation of personal information sold by over 100 online data brokers. Analysts scan the Dark Web and offer recommendations should breached information be found.


© 2020 Insite Risk Management