Ransomware ain’t going anywhere – 4 trends for 2021

  • 2020 showed us ransomware hasn’t gone anywhere – several high-profile attacks stole headlines
  • But in the now-remote world of work and cross-industry digitization, the threat is only evolving
  • Databarracks shared four ways tactics could be changing in 2021

We’ve seen the full ugly brunt of ransomware attacks over the past few years, but in 2020 especially…

In the ‘unprecedented’ year, we saw a widescale, orchestrated attack on multiple universities, hospitals once again being targeted – this time during a pandemic – and an attack against Garmin putting the multinational tech firm up against the ropes.

But that wasn’t all.

Last year also marked the first time a human casualty came as a direct result of a cyberattack, when the hacked IT systems of a hospital in Dusseldorf led to a female patient dying in transit as she was rushed to an uncompromised facility.

Sadly, the ransomware threat isn’t abating, things are only going to get worse.

In the now normal world of distributed work, “everything from remote workers’ devices to industrial IoT devices has become the new frontlines of the cybersecurity battleground,” were the words of HP Labs chief technologist for security research and innovation, Boris Balacheff.

According to a new report by Databarracks, ransomware attacks will continue to grow in frequency and sophistication, having increased by 26% since 2018. We can therefore expect more attacks, and more attack success, in the year ahead.

“Ransomware is evolving. Cyber-criminals are deploying more sophisticated and innovative ways of extorting businesses and evidence shows this will escalate over the coming year,” said Peter Groucutt, managing director of Databarracks.

“Outright prevention of ransomware is impossible, but it’s important organizations learn from the new methods used by criminals in order to defend themselves.”

So just how will ransomware attacks develop in the year ahead? Examples of the ransomware tactics now being deployed by criminals include:

  • “Double Extortion attacks” where in addition to paralyzing systems, criminals also threaten to release personal or sensitive data on the internet or to the press. This adds the pressure of regulatory fines and reputation damage if they refuse to pay the ransom.
  • Attackers are also waiting longer before encrypting data, to outlast backups. Cyber-criminals know that there is a much greater chance of payment if the victim doesn’t have a good backup to revert to. Attackers access systems and install ransomware but don’t execute immediately.
  • In attempts to put pressure on victims, ransomware gangs now cold-call victims directly, if they suspect the company might try to restore from backups and avoid paying ransom demands. This is an intimidation tactic designed to make the attacker seem omniscient and make the victim feel like any suggestion of recovery is futile.
  • Finally, ransomware is targeting backups directly. Without the ability to successfully restore systems organizations are left with no option other than to pay the ransom.

With attacks inevitable, and more businesses likely to be cornered into making tough decisions, Groucutt expects more organizations to pay ransom demands, despite no guarantee that payment will result in getting data back.

“You must assume that you will suffer a successful attack. From that position, you have two objectives: to quickly detect and respond to limit its reach and to bring systems back online and have the business operational as quickly as possible,” Groucutt said. 

It’s then “critical” that organizations have an incident or crisis response teams ready with the authority to make large-scale, operational decisions to take systems offline to limit the spread of infection. Businesses must then identify where the ransomware installation occurred in order to restore clean data from before the infection.

If there is a silver lining to successful ransomware attacks, it’s that the experience appears to give business leaders a greater appreciation of the importance of skilled cybersecurity professionals, a better understanding of preventative measures, and contributes to the development of cybersecurity tools.