Last week, the world’s largest cruise line operator, Carnival Cruise, disclosed they were victims of a ransomware attack. The company confirmed in an SEC filing that on August 15th the company “detected a ransomware attack that accessed and encrypted a portion of one brand’s information technology systems. The unauthorized access also included the download of certain of our data files.”
The cruise line has not identified who is behind the attack and did not disclose any additional details on how the cyber-attack occurred. They have hired a security firm and notified law enforcement of the incident.
Defined, ransomware is a form of malware software designed to encrypt a victim’s files or block access to a computer system until a sum of money is paid. Ransomware is often spread through phishing emails or text messages that contain malicious attachments. Once the attachments are downloaded, the software takes over the victim’s computer whether locking the user out completely or encrypting some or all of the user’s files.
Ransomware attacks are on the rise, and they are estimated to cost organizations $20 billion by 2021. This cost figure is determined not only by the monetary cost hackers demand in a ransomware attack, but it also includes downtime, data recovery, lost revenue, cost to improve cyber defenses, and reputational damage.
Most recently, there has been an increase in COVID-19 themed phishing and ransomware attempts targeted at all size businesses. Ransomware attacks have increased by 72%, and there has been a 50% increase in mobile vulnerabilities due to the rise of remote work. The COVID-19 pandemic has reshaped the way organizations and their employees work, and it has highlighted the IT vulnerabilities associated with remote work.
There are several ways to prevent a ransomware attack. First, you must have the right security software to protect your organization from cyber threats. Additionally, it is vital to keep your employees trained on how to spot a potential threat. While Carnival Cruise line has not disclosed how the ransomware attack occurred, it is not unlikely that is was due to an employee mistake as human error accounts for the majority of ransomware attacks.
Cybersecurity matters more than ever during COVID-19 as cyber threats are rising exponentially. Your organization needs to prioritize the safety of your business. Take action today and schedule a cybersecurity assessment.