You are chief counsel of XYZ Corporation. It’s early Monday morning, and as you pour your coffee, you reach for your phone to check email and notice that your inbox hasn’t updated since the prior evening. In normal COVID-business fashion, you attempt to log in to your computer using the VPN, but you are still unable to connect. You text a colleague and discover they’re experiencing similar issues. You try to locate your Chief Information Officer’s phone number in your contacts list, but your contacts are not populating appropriately. Later that morning, you receive a frantic call from the CIO, who explains that the company’s IT infrastructure is locked down with ransomware and that a threat actor (TA) left a note demanding payment within three days or company data would be published on the internet, accessible to all.

The scenario described above is known as a ransomware attack, and it has been all too common lately. A ransomware attack is perpetrated by TAs who place malicious software (“malware”) on your computer systems, networks, and/or servers. The malware encrypts your files and enables the TA to display a message demanding a fee to be paid in order for your systems/networks/servers to return to normal operation. Ransomware attacks are targeting every industry globally, including government and health care. Since the onset of the COVID-19 pandemic, the number of ransomware attacks has drastically increased; Security Magazine reports a 72% increase in the number of ransomware attacks since the beginning of the pandemic. Evidence suggests that having employees working remotely significantly increases the risk of a successful ransomware attack.