Recently it was announced that Cognizant, a large IT firm was hit by the Maze Ransomware (See Here). While it looks like they are working hard to mitigate the damage by this attack and there are no indications that the ransomware was able to hit their clients, it did raise a question about the “promise” made by some ransomware groups that they would limit their attacks because of the Covid pandemic. I will admit I was quite skeptical when the initial announcement was made that they would limit their attacks – these groups, in general, are out for financial gain and I could not see any reason why they would limit their attack surface for altruistic means. Are they trying to paint themselves as modern day Robin Hoods? Who knows but at a minimum this definitely needs to raise our eyebrows when any future announcements are made by criminal cyber groups. Maybe there was a split in direction by the group or maybe they had a “just” reason for these attacks? It really doesn’t matter. Take these criminal group announcements with a grain of salt and realize that no matter what they say today, tomorrow it may be a different story.
Speaking of ransomware, VMWare recently published a report about the dramatic rise in ransomware (See Here) and while that announcement isn’t surprising, the report does provide some startling numbers in regards to the number of remote workers. On 10 March, there were an estimated 6% of the workforce working remotely. As of 7 April, that percentage is 70%. That shows the scope of this Unplanned IT Transformation. Whether your company was planning to start doing remote work or not, they are doing it now if they want to stay in business and solvent. We have seen the result of not changing to a more remote work environment with the announcements of several bankruptcies by retail stores – stores that in some cases had limited online presences or were paying high prices for prime brick and mortar spaces around the world. Also of note is that retailers and financial organizations were the most targeted sectors in the Covid Ransomware campaign with healthcare being a distant third target. This does support the premise that most criminal attacks are for financial gain and may even support the ransomware groups statement that they would avoid healthcare targets during the pandemic. No matter the vertical, we all need to be wary and continue to make security a priority.