Ransomware: new year, new threats

Editorial Type: Date: 2021-02-02 Views: 662 Tags: Networking
Veniamin Simonov, Director of Product Management at NAKIVO, sets out some of the ransomware trends to be aware of in the year ahead

News of ransomware incidents are now making the headlines more than ever before. Not only do companies suffer significant financial losses to remediate ransomware attacks, but they also cause reputational brand damage that could impact their stock value and ability to both retain and attract customers.

COVID-19 has caused an increase in the number of attacks taking place in the past year with many more of us now working from home. With some organisations 'cornered', the impact of these attacks is also growing in scale. For example, in July 2020 U.S. travel management firm CWT paid $4.5 million to hackers who stole reams of sensitive corporate files and claimed to have knocked some 30,000 computers offline.

With ransomware attacks becoming increasingly frequent, how has ransomware changed in light of the COVID-19 pandemic, and what trends can we expect to see in 2021 and beyond?

PANDEMIC IMPACT
The Coronavirus pandemic has sent a ripple effect across industries - with another national lockdown workforces have been confined to home offices once again. Many remote users are not well protected and can easily become a target for ransomware attackers. More commonly, attackers will target larger organisations for the potential financial gain, however, since the beginning of the pandemic there has been a rise of home users being attacked by cybercriminals. This is due to a lack of awareness or security measures in place for remote users.

With the increasing uncertainty surrounding the possible health consequences of the pandemic, ransomware attackers have taken advantage of impressionable individuals - using the COVID-19 topic in their phishing emails. For example, users have reported reviewing suspicious messages containing information about coronavirus and requesting the user to open an (unknowingly dangerous) attachment. Latest ransomware and malware trends reveal that the number of coronavirus related phishing is becoming a recurrent issue.

REDUCING THE RISK
The rate of ransomware attacks rose exponentially in 2020. Microsoft has reported that incidents related to ransomware are the most common cybersecurity breach since October 2019. According to the 2020 Microsoft Digital Defense Report, 13 billion malicious and suspicious mails were blocked by Microsoft between January and October 2019. Blocked emails, in particular, contained more than one million malicious links that had the potential to trigger an attack.

To reduce the risk, every home or enterprise user should follow online safety rules and security policies even when working remotely. Only by receiving appropriate training and being aware of the latest ransomware threats are users less likely to be infected. Some of the most obvious rules include avoiding links from unknown sources, installing anti-virus software on all computers, making sure that the anti-virus is updated regularly and configuring a firewall.

On the rare occasion that your computer does get compromised, it's recommended that you don't pay the ransom as this will only encourage cybercriminals. Furthermore, this can come at a huge financial cost - according to Safety Detectives, the average requested ransom amount has risen from $4,300 in 2018 to $8,100 just two years later. Cybersecurity Ventures have also predicted that the damage caused by ransomware would be more than 20 billion USD in 2021. That said, there is also no guarantee that you'll be able to decrypt files after paying a ransom or that your stolen data will not be sold to competitors or other criminals.


"Research shows that new ransomware can easily steal users' data to extort a victim. Since data loss is a growing concern for companies and individual users, these attacks are becoming increasingly prevalent and sophisticated. While large organisations are targeted the most, COVID-19, and a shift to remote working has triggered an influx of individuals being victimised, which can only be mitigated by implementing the correct, responsible security measures."
DATA LEAKS, ENCRYPTION AND INFECTION
A particularly vicious ransomware technique involves stealing data from a victim and then encrypting files on infected computers. Attackers threaten the victim by publishing a portion of stolen data on the dark web and demanding a ransom fee in return - regardless of whether the victim has backups to recover their data. This is a particular concern for a company which operates with customer data - if the data is leaked publicly, they could incur hefty fines. This approach is known as double extortion.

The methods of infecting ransomware have remained almost the same in 2020. According to figures from Ransomware Detectives, 67% of attacks stem from spam and phishing emails, 36% are due to inherent human factors such as when users are not trained well enough and 30% are due to weak passwords and insufficient access management. More specifically, the most popular methods to infect computers and infiltrate networks remain almost the same as in the past year: Remote Desktop Protocol Misconfigured public cloud instances, USB flash drive and other removable mediums.

WHO IS BEING HIT HARDEST? In 2020, ransomware targeted North America with 33% of total attacks, Asia with 30% and Europe with 27%. Research from BlackFog demonstrates that developed countries across the globe are targeted more heavily, with the USA, UK and Australia hit most commonly, followed by Canada, Germany, Denmark, Japan and France. In extreme cases, some countries have been known to hire state-sponsored hackers to launch attacks against organisations (including those related to critical infrastructure) and competitors in rival countries.

It is rather unsurprising that Windows is the most infected operating system, with 85% of ransomware occurring on this interface. A considerably lower amount (7%) occurs in both macOS and iOS, and merely 5% attack Android platforms. However, trends seem to be shifting as macOS is increasingly being targeted by ransomware creators - since 2018, detection of malware on Mac devices has doubled.

For organisations, BlackFog reports that companies with a low tolerance for downtime are the most vulnerable to be targeted by ransomware criminality - such as manufacturing companies, the professional services sector and government organisations. This is because hackers choose organisations that cannot afford significant downtime, or because an attack will mean they face regulatory fines if they handle public data. For these reasons, they are more likely to pay the ransom. With pressure on the public sector particularly intense this year as a result of Coronavirus, attacks on healthcare and educational organisations have grown.

2020 saw ransomware attacks grow in virulence, with attackers taking advantage of remote work vulnerabilities. Research shows that new ransomware can easily steal users' data to extort a victim. Since data loss is a growing concern for companies and individual users, these attacks are becoming increasingly prevalent and sophisticated. While large organisations are targeted the most, COVID-19, and a shift to remote working has triggered an influx of individuals being victimised, which can only be mitigated by implementing the correct, responsible security measures.

No matter how careful one can be, ransomware on a global level is unlikely to be conquered any time soon. NC