Ransomware has been a destructive threat targeting businesses, government agencies, schools, and individuals. The ransomware attacks gained greater traction and diversity in 2020, and are expected to bring about more havoc in 2021. A report released Wednesday by BlackBerry highlights several trends to watch for in the year ahead.
For BlackBerry’s “2021 Threat Report,” researchers and security professionals at the company were asked to suggest their cybersecurity forecasts for the year 2021. In response, they advice businesses and users to stay observant of the following threats as 2021 advances.
Ransomware attacks will continue to leverage the double-extortion strategy
A growing attack among cybercriminals is the double-extortion ransomware attack. Here, the cybercriminals demand a ransom to not decrypt the stolen data and to refrain from releasing it publicly. If the ransom is not paid within a certain time, the cybercriminals swear to publish it publicly or reveal it to possible competitors. Even if the data can be restored from backups, they may still be forced to pay the ransom to prevent the data from being exposed.
Threat actors contacting patients as part of healthcare extortion strategies
With the coronavirus pandemic, healthcare organizations were the top targets for cyberattacks. The healthcare industry holds confidential records and patient data valuable to ransomware attackers. But in a strategy, cybercriminals not only demand payment from the healthcare organization but the patients as well. Attacking hospitals and patients, and forcing both of them individually to pay ransom to prevent data leakage could become more popular during 2021. This trend could pressurize healthcare organizations from patients who are extorted individually, thereby increasing the odds of a ransom payment.
Nation-State actors hiding behind crimeware-as-a-service
The growth of crimeware-as-a-service allows nation-states to hide behind a third-party to launch ransomware campaigns and other types of attacks. This covers the identity of the true attacker and gives them a layer of credible deniability. It also makes it appear as though the attack could have originated from almost anywhere. As a response, organizations should consider adopting Zero Trust networking principles and role-based access controls, not just to users, but to applications and servers.
Crypto prices driving ransomware growth
Researchers see a strong correlation between the rate of ransomware viruses and the fluctuating price of Bitcoin. Already growing since last year, the value of bitcoin reached all new highs in early 2021. If this correlation continues to prove true, BlackBerry expects a robust ransomware market shortly.
Recommendations to protect companies
Though attackers have become increasingly advanced, most ransomware breaches still require some type of end-user interaction. In this regard, ransomware typically executes when a user clicks a link or opens a malicious attachment in an email. As such, here are a few recommendations:
- Organizations need to have a strong culture of security to minimize the risk of an attack. Apart from patch efficiency, antivirus software, and simple endpoint administration, you must use security that employs signature-based patterns, behavioural analytics, and machine learning backed by a strong R&D team.
- A data leak prevention (DLP) solution is a must to mitigate the risk of sensitive data being exfiltrated and avoid the scenario of double extortion. You should also protect sensitive data by restricting its access only to people who need it to do their jobs.
- Ensure that all backups are stored offsite, either physically or in the cloud to add an extra layer of security to identify and prevent encryption.
- In the event of a ransomware attack, consider using a decryptor to recover your data. Many decryptors are publicly available, free of charge, and work with some of the ransomware families.
- Consult with cybersecurity experts who are used to dealing with ransomware situations.
And what of the big question: should an organization pay the ransom or not?
The security community usually doesn’t recommend paying cybercriminals, simply because doing so justifies and propels the ransomware business. However, in some of the highly targeted and most damaging attacks, there might be no other way to recover and preserve data but to meet the ransom demands. In any scenario, the victims should work closely with law enforcement.
Need to protect yourself from the latest ransomware attacks? Get in touch with Trixter Cyber Solutions!
You can get in touch with us by simply filling up the contact form here.
Follow Trixter Cyber Solutions on LinkedIn for a weekly dose of useful cybersecurity updates and information.