Law360 is providing free access to its coronavirus coverage to make sure all members of the legal community have accurate information in this time of uncertainty and change. Use the form below to sign up for any of our weekly newsletters. Signing up for any of our section newsletters will opt you in to the weekly Coronavirus briefing.
Sign up for our Compliance newsletter
You must correct or enter the following before you can sign up:
Thank You!
Law360 (March 23, 2020, 9:56 PM EDT ) Ransomware attacks exploded last year as more employees worked remotely, data breach insurer Beazley said in a report released Monday, adding that employers should be especially diligent about combating vulnerabilities in their IT infrastructure as more people work from home during the coronavirus pandemic.
According to the report, the number of ransomware attack notifications against Beazley's clients in 2019 was up by 131% compared to the year before. The sums demanded by attackers also skyrocketed, at times reaching seven or eight figures, Beazley said in its annual update on cyber trends.
And the risk of attack is heightened when employees work remotely, as so many are doing in the midst of the coronavirus pandemic, Beazley said. On Friday, cybersecurity attorneys told Law360 that the pandemic has brought with it a spike in data security incidents as hackers use the health crisis to exploit vulnerabilities like distracted workers and stretched-then IT staff.
On top of that, attackers' methods of deploying ransomware are changing, including sending phishing emails or breaching poorly secured remote desktop protocol, Beazley said in Monday's statement.
Katherine Keefe, Beazley's head of breach response services, said in a statement Monday that the data show how ransomware has developed into "a more serious and complex threat" over the last several years.
In the past, ransomware was typically used to encrypt data as leverage for a ransom demand, she said. But as of late, attackers have been using it alongside malicious programs designed to gain access to sensitive information through online banking systems, she said.
"This two-pronged attack leaves organizations not only with the debilitating impact of its critical systems and data being encrypted, but with the added risk of data being accessed or stolen," Keefe said.
She added that remotely accessing a desktop, in particular, can make companies' IT systems more susceptible to attack without the right security measures in place.
"Always ensure employees can access their computer using a virtual private network with multifactor authentication," Keefe said. "It is important to whitelist IP addresses that are allowed to connect via [remote desktop protocol] and make sure that unique credentials for remote access are in place — particularly for third parties."
--Additional reporting by Ben Kochman. Editing by Alanna Weissman.
For a reprint of this article, please contact reprints@law360.com.