Coronavirus (COVID-19): increased risk of cyber attack

Cyber attackers are using the COVID19 crisis to attack healthcare providers’ systems.

In 2019, according to Microsoft[1], 44% of employees of Ireland companies have experienced problems with hacking, phishing and cyber fraud. In a recent PWC[2] report, almost 80% of Irish companies are struggling to keep up with the complexity of evolving cyber threats. At the same time when the healthcare professionals and industry have been working to look after us and researching a vaccine to exterminate the virus COVID19, Cyber attackers are working 24/7 to exploit companies and government around the World.

In the COVID-19 crisis, cyber attacks related with COVID-19 spiked to nearly a million a day during the first week of March[3] targeting the healthcare sector. The new normal of “working from home”, introduces new challenges and complexities to already streatched security teams struggling to ensure a fully protected environment. According to Mandiant[4], alerts are only generated on 7% of infiltrations and ransomware, at the same time the current controls did not prevent or detect detonation within their environment 68% of the time.

A nightmare, especially for Healthcare organizations considered to be a primary target into ransomware campaigns after the COVID-19 crisis. According to Security agencies of USA[5], Cybercriminals are using the pandemic for commercial gain, deploying a variety of ransomware and other malware. Cybercriminals groups are likely to continue to exploit the COVID-19 pandemic over the coming weeks and months.

They had observed following the threats:

  • Phishing, using the subject of coronavirus or COVID-19 as a lure,
  • Malware distribution, using coronavirus- or COVID-19- themed lures,
  • Registration of new domain names containing wording related to coronavirus or COVID-19,
  • Attacks against newly—and often rapidly—deployed remote access and teleworking infrastructure.

How Ransomware works:

Ransomware is a type of thread used by cybercriminals who encrypt files and then extort money in return for unlocking those files. Without adequate disaster recovery and backup plans, many businesses are forced to pay the ransom.

Ransomware is typically spread through fake emails (Phishing) that have been designed by the hacker to appear legitimate. These emails may contain a link to an infected website or include an attachment such as a Word document that contains malicious code. Once a link is clicked or a document is opened, it downloads and infects the machine quickly; estimates vary from seconds to 20 minutes. During this time, the malware searches the hard drive, network files, external drives, and cloud drives for all files that can be encrypted. After encryption, a “key” is required to unlock the files; this key is saved by the hacker, and this key in not released until the victim pays a requested amount or “ransom”.

How Sogeti could help your company:

Sogeti could help you and your company reducing the risk and deploying a defence program to find, block, monitor and alert Ransomware attacks. Sogeti Ireland, part of Capgemini, is a worldwide leader in providing cybersecurity services. We have an extensive UNIFIED ENTERPRISE DEFENSE program to cover all cyber risk areas to help Small and midsize business (SMB) or large companies to increase the level of cyber security and reducing the risks. Click here to get in touch with our Cyber Specialists.



[1] Microsoft  - Securing the Future 2020 THE STATE OF CYBERSECURITY IN IRELAND -
[2] PWC - PwC Ireland’s 23rd CEO Survey Sustaining success in unpredictable times -
[3] Microsoft &  Forbs -
[5] USA CISA - COVID-19 Exploited by Malicious Cyber Actors -