The Evolving Menace of Ransomware: A Comparative Analysis of Pre-pandemic and Mid-pandemic Attacks

Abstract

Drawing upon direct interviews and secondary sources, this article presents a qualitative comparative analysis of 39 ransomware attacks, 26 of which occurred shortly before the outbreak of the COVID-19 pandemic and 13 of which took place during the pandemic. The research objective was to gain an understanding of how ransomware attacks changed tactics across this period. Using inductive content analysis, a number of key themes emerged, namely (1) ransomware attackers have adopted more sinister tactics and now commit multiple crimes to maximise their return; (2) the expanded attack surface caused by employees working from home has greatly aggravated the risk of malicious intrusion; (3) the preferred attack vectors have changed, with phishing and VPN exploits now to the fore; (4) failure to adapt common business processes from off-line to on-line interaction has created vulnerabilities; (5) the ongoing laissez-faire attitude toward cybersecurity and lack of preparedness continues to be a substantial problem; and (6) ransomware attacks now pose potentially severe consequences for individuals, whose personal data has become a central part of the game. Recommendations are proposed to address these issues.