What is the State of Ransomware in 2021?
Few things are more dreadful to organizations than turning on their computers only to find all files and data are inaccessible due to a ransomware attack. Yet, as society continues to embrace technology, such cases have become common. So what is ransomware? And what is its current state? Here is an in-depth look at what ransomware is and how it has evolved in 2021.
What Is Ransomware?
Ransomware is malware that cybercriminals use to block victims from accessing their files and data until they pay a ransom. This malware can paralyze the operations of an entire organization, given that it is fashioned to spread across networks and target file servers and databases. This deadly malware generates billions of dollars for cybercriminals while inflicting significant expenses and damages on governmental organizations and businesses.
The Evolution of Ransomware Attacks
Ransomware has taken quite a swing in the first half of 2021. Currently, the global average cost of recovery from Ransomware attacks has more than doubled that of 2020. The unprecedented increase in recovery costs from ransomware in the first half of 2021 is because of two reasons.
First, the 2021 cyberattacks are more targeted and sophisticated. Cybercriminals are now using tactics that lure users into engaging in risky behaviors. These tactics are also focused on organizational system endpoints such as laptops, servers, and tablets, which are usually the most vulnerable points.
Second, cybercriminals are using double extortion ransomware. Over the years, organizations have shifted to emphasizing data backup and restoration to help minimize the effects of ransomware attacks. However, the adoption of double extortion by cybercriminals more has tipped the scales in their favor.
Instead of just encrypting files, the double extortion ransomware infiltrates data first. As such, suppose an organization refuses to pay the ransom, the attackers can either sell the information to the highest bidder or leak it online.
Which Industries Have Been Targeted by the 2021 Ransomware Attacks?
2021 has seen an excruciating rise in ransomware attacks. As expected, most of the cyber gangs who carried out the attacks demanded payment via cryptocurrencies. The recent attacks have spared no industry. From manufacturing to finance, technology & technology service providers to the healthcare industry, all have fallen victim to these malicious attacks.
According to an analysis of the recent ransomware operations by Herjavec Group, the manufacturing industry was the most affected, with it suffering 39% of the attacks. Technology and technology providers came a close second with 18%. The least affected industries were Education and entertainment, with each recording 4% and 3% of the ransomware attacks, respectively.
Which Ransomware Families Have Been Most Prominent In 2021?
Reportedly, the year 2021 has experienced a surge in ransomware attacks, more so due to most organizations adopting the work from home policy because of the COVID-19 pandemic. Cybercriminals have seized the opportunity presented by the lack of sufficient cybersecurity measures of the work from home policy. Currently, they have been launching a series of attacks to breach the data of both small and big companies.
But which ransomware families have been carrying out these attacks? Below we outline the most prominent ransomware families in 2021:
Conti is arguably the most prominent ransomware family in 2021. The most targeted groups by this ransomware include finance, the public sector, consumables, and technology industries. Conti uses phishing attacks to install Bazarloader and Trickbot Trojans that provide remote access to steal credentials and stored data in the workstation servers.
This ransomware is usually delivered at the end of a series of meterpreter payloads that use a reflective DLL injection to drive malware directly into the memory. The reflective loaders don’t write the ransomware on the infected computer. As such, not even the savviest malware analyst can find their origin.
This ransomware is thought to have begun operations in 2020. Avvadon mainly targets technology and manufactured consumables industries. This ransomware group is known for using the double extortion technique whereby it threatens its victims into paying ransom to prevent sensitive or stolen data from being released to the public. Some of the notable victims of Avvadon are Acer finance and AXA.
Formerly Sodinokibi, this ransomware has been observed to be distributed through backdoor software installers, vulnerability exploits, and by exploiting kits. REvil is a blocking malware that encrypts the victim’s files after infecting the entire system and then sends a request message. Most often, the message explains to the victim that they need to pay the ransom in bitcoins.
In 2021, the REvil attacks targeted food production firms such as Bakker Logistiek and technology firms such as Acer Computers and Quanta Computers. Its other attacks targeted insurance companies, the healthcare system, lawyers, and the court system.
Just like other ransomware families, Netwalker establishes itself through phishing emails, after which its extracts and encrypts data to hold the victim hostage for a hefty ransom.
That said, this ransomware does one thing different from other families. To show they mean business, the team behind this ransomware leak a sample of the data online and threatens to release more if the victim doesn’t pay that ransom. Over the past few months, government agencies, enterprises, educational institutions, and healthcare organizations have reported attacks by Netwalker.
Having been discovered in 2021, Babuk is amongst the new ransomware families. However, the devastation it has caused isn’t in any way little. Since its discovery, Babuk has impacted 38 enterprises and even managed to fork out $85k in bitcoins in its attacks. One of its recent attacks was on the Washington DC police.
Babuk has been observed to target the consumables’ industry, the public sector, and the technology industry. This ransomware family stated on its official page that they would not target charitable organizations, hospitals, and schools.
How Should You Respond to Ransomware Attacks?
Below are some ways of responding to ransomware attacks to diminish their effects:
- Disrupt active infections: You can achieve this by removing the infected device from the network until the virus is eliminated.
- Leverage your proactive resources: Re-image the infected devices to eliminate the detected ransomware and restore data from your backup files.
- Eliminate the source of the malware: you must get rid of the source of the infection to prevent future attacks. If you suspect that the breach source was your mail, you should delete it to avoid future infections.
- Have an incident response team on standby: Given the high prevalence of ransomware attacks, it may be prudent to have an incident response team on standby to mitigate the situation in case of an attack.
- Pay the ransom: Even though this may not be the best cause of action since it encourages ransomware attacks, if push comes to shove, you can always pay the ransom to avoid the loss of sensitive data.
What Are the Ways of Preventing Ransomware Attacks?
The gradual rise of ransomware attacks over the past years is an ever-growing problem that has quickly turned into a lucrative criminal enterprise. Most of the organizations that have fallen victim to these attacks have ended up incurring huge losses. But are there ways of preventing these attacks? The short answer is YES.
Here is an outline of some of them:
- Ensure your endpoints are secure: Given that most users interact with personal and corporate devices, your endpoints are the most vulnerable points if not well managed. Ensure you update your anti-virus regularly. Also, ensure that your endpoint protection deeply examines the traffic behavior of your endpoints.
- Restrict access to privileged accounts: Ensure privileged persons such as administrators have separate accounts for daily computing and administration.
- Backup your files regularly: One way to avoid paying the ransom is by developing a robust backup and data recovery strategy.
- Isolate and analyze suspicious files: You can use technologies such as sandboxing to enable you to move suspicious files to quarantine for analysis before opening them.
- Educate your employees: Educating your employees is an essential step towards defeating ransomware. When your employees know to treat suspicious emails with caution, the chances of falling victim to ransomware attacks reduce considerably.
- Use a multilayered network security approach: Protection from ransomware is not restricted to only the endpoints. You can beef up your security with anti-spyware, anti-virus, intrusion prevention, among other technologies.
- Deploy a Microsoft group policy: This policy will restrict software’s ability to run from “temp” folders and “AppData.” Doing this will reduce the chance of ransomware attacks. These two avenues allow all users to write on them, and permission to write on them cannot be restricted without interfering with the system function.
There are no signs of ransomware attacks ending anytime soon. Even though blockchain, Artificial Intelligence, and other technologies such as Microsoft provide us with better ways of detecting ransomware, this may not be enough given the cybergang’s cunning ability to find new ways to breach the systems and demand ransoms. Our only hope may be to keep tabs on the latest trends in security measures against ransomware. For that, you need to visit this page regularly to get tips on keeping your organization safe from ransomware. Contact us for more information.