Posted in:

Ransomware Trends for Businesses to Watch For in 2021

Ransomware is growing more menace than it has ever been before. It is much more evasive and hard to catch, this is why knowing how to detect ransomware will be highly important for every business. Unlike before, in the post-covid year ransomware will selectively target companies that are more vulnerable due to money losses. Online businesses and enterprises should also prepare their defenses as they will become one of the main targets in 2021.

Here are the 5 main ransomware trends businesses should be aware of this year!

Attackers will use more tactics to extort money 

A typical ransomware attack works the following way: it encrypts the data of an organization and keeps it inaccessible until the organization pays a ransom. (For more information on what is ransomware and how it works read this article This is the only way attackers get money from businesses that started to change in 2020 and will likely grow in 2021.

Now, cybercriminals have diversified their ways to get money from you. Instead of just encrypting your data, some ransomware creators threaten to release the data. They force companies with backups or decryption keys to pay the ransom anyway to avoid their business-critical and sensitive information going public. 

Another way to double their revenue is to sell the obtained data. Even if the organization agrees to pay the ransom and gets its data back, attackers can still sell it on the darknet to profit from the scam more.

And, of course, there is also the famous payment sum growth that cybercriminals will be using more and more due to its efficiency. This approach assumes demanding one sum of money at the start and raising it a few days later.

More targeted attacks on enterprises and online businesses

For years, ransomware creators were using the old but effective method called “spray and pray.” This approach lets cybercriminals send phishing emails in bulk with no particular target in mind. Even if 1-2% of the recipients will click the email link, it will still result in massive profits for the attackers. 

But starting from 2019, the trend on targeting specific companies and industries has began to gain momentum. The so-called “big-game hunting” and high profile attacks are offering cybercriminals much higher profits, so this is where they focus their efforts the most. 

We can certainly expect to see more attacks on online business sectors like finance, e-commerce, and other online services and startups as these are on the rise in the post-covid era. But sectors that suffered during the pandemic are also at high risk of being targeted by ransomware. Cybercriminals are well aware that these sectors have mostly switched their financial focus from strengthening their cyber defense systems to, well, trying to keep their business afloat. It makes them an easy pray for cybercriminal schemes. 

Working from home will suscept companies to experience more attacks

It becomes more and more clear now that most of us won’t be able to go back to “normal” going-to-office-every-day kind of work in 2021. And while it has many benefits it, one of the biggest downsides of this format will be the decreased network and device security. This will become a huge vulnerability for many companies that will be forced to shift/stick to remote teams’ format. 

Since most home connections are far less protected than your corporate network ever will be, the chances that your employees will become victims of ransomware are unprecedentedly high. As a result of compromised employee accounts, the chances of threat actors gaining access to your organization’s systems and data are skyrocketing. 

But it doesn’t stop there. If from the business owner, IT admin, or CISO’s perspective the working-from-home employee looks like a potential time bomb, this may look equally unfairly damaging from the employee’s perspective. 

If this employee’s computer and data have been encrypted, deleted, stolen, or sold as collateral damage during an attack on your organization, who will the one to blame? We are inclined to think that the company will end up taking the whole responsibility for its employees’ losses, which most certainly will result in massive fees due to compliance violations. 

Cloud attacks will raise massively

Cloud-based data management suits operate on a shared responsibility model, which means that its subscribers are solely responsible for their data security. As the number of businesses who keep their data in the cloud grows, their unawareness of this nuance results in more and more frequent headlines about the massive cloud data breaches. 

The thing is that in the cloud, all data is connected. If you gain access to a privileged admin account, you basically gain access to everything. Also, the cloud is an easy target for threat actors because only so many companies bother with investing in security for their cloud assets. Most of them are certain that because of the well-established infrastructure cloud-based data management suits like Google Workspace and Microsoft 365 guarantee their files ransomware protection by default. 

But, of course, this is not the case. And cybercriminals are already using this security gap to profit from cloud-based companies with insufficient cybersecurity protection measures. And with all work processes going on remote and making it even less protected, cloud data will become one of the man ransomware targets. 

Ransomware will spread more through SaaS applications

In 2021 we will see more attackers leveraging Shadow IT – an unauthorized by the IT department usage of software and hardware. One of the most popular ways to do that is via SaaS applications. 

As of now, there are thousands of applications and browser extensions available for everyone to download. And those applications can be used by cybercriminals in a variety of ways. 

One of many ways threat actors can leverage SaaS apps is by creating an appealing-looking fake app with ransomware in it. When downloaded, this app requests access to some files and folders (a standard practice). When gained access, this app can easily infect this data with ransomware, steal this data and sell it, make it public, and do everything to extort money from a user.

But ultimately it is not about gaining profit from end-users; rather, end-users are the means cybercriminals use to get to businesses’ data. It happens when an employee downloads some productivity application they need for work and gives it access to corporate data (which is the only way any app can operate).