Cyber thieves are using new variants of ransomware to extort money from victims, exploiting the security loopholes created by the COVID-19 lockdown, according to Emergence.

With employees working remotely since March, it has become easier to infiltrate a company’s network, the cyber insurance specialist says, revealing one of its clients had its system hacked through this way.

An employee of the client, a Queensland-based club, had unknowingly clicked on a phishing email, allowing the perpetrators entry into the business network. From there, the thieves stole the data and then had the system encrypted before making an extortion demand.

“The opportunity is definitely increasing with people working from home,” National Head of Sales Gerry Power told insuranceNEWS.com.au. “The threat to businesses is very much enhanced because you have these people working remotely sometimes from equipment that isn’t owned by the insureds.”

He said cyber crooks have also changed their tactics. Previously, they were only encrypting data for ransom but now, as the Queensland club’s case has shown, their methods have evolved to stealing it too.

“In the past, they weren’t always stealing the data. A lot of ransomware is just about locking a system down so the business can’t use it,” Mr Power said. “We’re now seeing a disturbing trend of new strains of ransomware.”

Giving in to ransom demands is discouraged but in the case of the Queensland club, Emergence decided to make an exception and went ahead to make the $350,000 bitcoin payment.

As the club had a cyber policy that covered for loss of earnings from an incident, it was better not to have the matter dragged out indefinitely.

“If we spend three or four months trying to remediate the data, or the data isn’t available to us, then the potential loss of profits to the business is huge,” Mr Power said. “So sometimes you need to make a commercial decision. The commercial reality suggests that we might need to pay the ransom. Each case is taken on its own merits.”