Ransomware attacks are on the rise. We saw an increase in the proportion of attacks that involve ransomware or some form of malware in 2020, and we expect to see this trend continue into 2021.
According to a report on the cybersecurity threatscape by Positive Technologies, ransomware is “hitting companies with increasing frequency” – accounting for 39% of all attacks involving malware.
The line between a ransomware attack and a data breach continues to blur. In recent years we’ve seen incidents where attackers have stolen sensitive data before initiating an attack, and then threatened to expose the data to the public – often via their own website – if the victim refuses to pay the ransom.
Such techniques are becoming increasingly common, with attackers now looking for more ways to weaponize the data, whether through blackmail or by threatening to sell the data to the victim’s competitors.
As always, attack vectors are becoming increasingly sophisticated, with cyber-criminals starting to use machine learning techniques to evade security defenses. This includes developing attack vectors where the ransomware program is able to hide inside virtual machines and cache copies of the data without being detected by traditional AV software.
We’ve also seen the usual state-sponsored ransomware activity from “the big four”, which is a good place to start with our 2021 ransomware predictions.
State-sponsored ransomware attacks
We believe that state-sponsored ransomware attacks will increase in both frequency and severity, as global tensions increase. The majority of state-sponsored ransomware attacks still come from “the big four”, which includes Russia, China, Iran, and North Korea – and the targets are most likely to be US or Europe-based companies. State-sponsored hackers have been diversifying their tactics to inflict more harm, which includes employing third-party “vendors” to deliver Ransomware-as-a-Service (RaaS) attacks, and this sophistication will likely lead to an increase in state-sponsored attacks in 2021.
This is backed up by the 2019 Verizon Data Breach study, which shows that nation state-sponsored ransomware attacks have increased from 12% of attacks in 2017 to 23% in 2018 – a trend that will likely continue in 2021.
Healthcare will be the most targeted industry
Many countries across the globe are still grappling with the coronavirus pandemic, and given that cyber-criminals never let a crisis go to waste, it’s likely that healthcare will continue to be the most targeted industry. We predict that over 50% of data breaches involving ransomware will involve PHI in 2021.
More lives will be lost from ransomware attacks in 2021
In September, a woman died from delayed treatment after a hospital in Düsseldorf, Germany, was hit by a ransomware attack, according to a post by The New York Times. This was said to have been the first fatality from a ransomware attack to date.
Cyber-criminals will continue to find the most egregious methods of extorting their victims. We will likely see more medical research laboratories and biotechnology companies being targeted as they scramble to develop vaccines to combat the coronavirus.
Double-extortion attacks will become more popular
A double-extortion ransomware attack is where the hackers steal sensitive data before encrypting the victim’s files. They then threaten to publish the data if the victim fails to pay the ransom. According to Check Point, we’ve seen a 50% increase in the daily average of double-extortion ransomware attacks.
Since healthcare records currently sell for between $100 and $500 on the dark web, a double-extortion attack means that the attacker wins even if the victim refuses to pay, which is why these attacks are becoming more popular.
Ransomware response plans will become a thing
Since hackers are now stealing the victim’s data before encrypting it, ransomware attacks will start to be treated like data breaches, which means organizations will need to develop formal plans to respond to them. Organizations should look to their security teams to implement stringent incident response plans to ensure that they are prepared for a ransomware attack.
Ransomware payments will become illegal
Organizations that have fallen victim to a ransomware attack are generally discouraged from paying the ransom, as paying the ransom will encourage the attackers to continue developing more sophisticated attack vectors.
The U.S. Government has expressed its intention to make it illegal to pay the ransom, on the grounds that doing so would be considered the same as funding a terrorist organization. Since the attackers are also likely to be nation-state sponsored actors, we will likely see other countries follow suit.
How can you protect your organization against ransomware attacks?
Since your employees are your first line of defense against ransomware attacks, making sure they are sufficiently trained and vigilant when it comes to identifying suspicious email links and attachments is paramount. You must ensure that your employees’ ability to install and run software applications on network devices is restricted, and that backups are stored either offline or on a separate device or drive to ensure that the data can be recovered following an attack. Your operating system and antivirus/malware software must be kept up to date using an automated patch management solution.
If you would like to see how Lepide can help organizations to detect and prevent ransomware spread through anomaly spotting, threshold alerting and automated responses, schedule a demo with one of our engineers or start your free trial today.