Thursday 6th May 2021

BLOG: The Escalating Concern About Ransomware

Ransomware has always been a prominent threat, but it has grown progressively more potent, targeting people, businesses and other organisations. Because ransomware attacks gained so much traction last year, both their volume and their sophistication are expected to increase in 2021. Cybersecurity professionals advise businesses, organisations and users to stay alert.

Ransomware is ever evolving. Even the simplest variant can cost substantial time and money, and more serious incidents can cause immense damage to organisations regardless of their size. This is especially hazardous in the current climate of uncertainty. There is no clear-cut way to prevail over cyber coercion, but a good way of working through such threats is to understand how ransomware operates.

Crimeware/Hack-For-Hire As A Service

The growth of crimeware-as-a-service allows individuals to hide behind third-party suppliers when initiating ransomware operations. The identity of the true attacker is hidden, which makes it appear as though the attack could have originated from essentially anywhere.

Extortion of Healthcare Services

Last year proved that healthcare organisations continue to be top targets for cyberattacks. There is a concern about cybercriminals demanding payment not only from the healthcare organisation but also from its patients. In October 2020, a Finnish psychotherapy center was the victim of an attack in which patient data was stolen. The attackers demanded a ransom from the psychotherapy center but also contacted each patient individually, seeking a ransom of 200 euros in bitcoin. In the end, the criminals published the medical records of at least 300 patients on a Tor site. Such a tactic could become more popular during 2021, especially when paired with traditional ransomware attacks. This trend could also put added pressure on healthcare organisations from patients who are extorted individually, thereby increasing the odds of a ransom payment.

Double Extortion Strategies

A rising approach amongst cybercriminals is the double-extortion ransomware attack, in which attackers demand a ransom both to decrypt the victim's data and to refrain from publishing the copy they have stolen. If the ransom is not paid, the criminals threaten to circulate the data. Even if the targeted organisation is able to restore the data from backups, it may still be forced to pay the ransom to prevent the data from being exposed. This approach increased the average ransom payment last year.

The Bitcoin & Ransomware Correlation

Researchers and analysts are seeing a solid correlation between the rate of ransomware infections and the shifting price of bitcoin. Already on the rise since last year, the value of bitcoin reached all new highs in early 2021. If this correlation continues to prove true, cybersecurity professionals expect a strong ransomware market soon.

Prominent Types Of Ransomware

Source: SafetyDetectives

As previously stated, ransomware is perpetually evolving, and there continue to be several new sophisticated ransomware variants. WannaCry is one of the growing variants and made headlines in 2017, when it shut down government organisations, public transportation, national telecommunication companies, global logistics companies and multiple university systems. Last year, this ransomware was flagged as being involved in nearly half of the reported ransomware incidents within the USA.

Though attackers have become increasingly skilled at exploiting vulnerable services and unpatched software, most ransomware breaches still require some type of end-user interaction: ransomware typically executes when a user clicks a link or opens a malicious attachment in an email. Organisations need to adopt a strong culture of security measures to lessen the possibility of an attack. They should also protect sensitive data by restricting access to only the people who need it to do their jobs. Threat actors will not be reluctant to distribute sensitive data on forums, websites and platforms that host such information, whether or not you pay the ransom. Ensure that all backups are stored either physically or in the cloud.
