“If you want to go quickly, go alone, but if you want to go far, go together.”

This African proverb opens the Sophos 2021 Threat Report, and in view of recent cybersecurity events, its meaning is very important when it comes to defending against ransomware attacks. As threat actors work together to provide ransomware-as-a-service, defenders also need to focus on working together, even when teams are separated in home offices.

As ransomware trends change in 2021, what should we look out for? An overview of the Sophos report provides some ideas.

The Psychology of Ransomware Attacks

Ransomware attacks are effective because they prey on one thing technology cannot protect: emotions. While the way threat actors are doing this has changed through 2020, the basics are still the same.

Threat actors in this space need to manipulate their victims. If you can’t be manipulated — via phishing, instant messages or some other vector — into accepting a payload onto your device or network, you are in a good position to stop ransomware. More sophisticated actors will use remote desktop protocol or drive-by attacks to infect a system, but that’s for your cybersecurity team to handle.

Ransomware attacks also need to generate urgency or fear. Invoking emotions, real or perceived, that drive people to react right away is critical to a successful attack. You can still be a victim if you stay cool, but keeping your cool allows you to respond and recover better.

Lastly, these attackers prey on the fear of loss. Successful ransomware attacks depend on it. They use the fear of loss of sensitive data against their potential victims. You can be manipulated and you can feel a sense of urgency. But if ultimately you do not lose anything, you’ll feel like you’ve weathered a rough storm, even if you paid the ransom. Why? Relief that you have your data back.

Going into 2021, it remains important for defenders to consider these psychological aspects of ransomware attacks. So, what in particular should we look out for? And, what has changed that will likely become even more important in 2021?

Extortion as a Response to Good Defense

Defenders have done great work against ransomware attacks in the last year. We’ve made great efforts in the following areas:

  • Locking down ingress methods.
  • Keeping online backups and making them available if needed.
  • Shortening the time it takes to neutralize malware.

On the other hand, malicious actors enjoy the advantage of being on the offensive. Coupled with their modus operandi of not playing by the rules, playing offense allows them to be agile and adaptable. No matter how good our defense, the malicious actor always has a countermove. The most recent strategies in this area are extortion and collaboration.

A malicious actor can counter today’s defenses by increasing the payoff of their ransomware attacks through extortion. This change shows why exploiting our emotions — a wholly human vulnerability, one unrelated to any technological defense — is key to a successful attack.

To get colloquial, it’s as if the malicious actor responds by saying: “You think you’re safe by having backups? Fine. We’ll air out your dirty laundry instead.”

The psychological evolution suddenly goes beyond the fear of loss. Now you have the fear of embarrassment as well.

Remember the proverb from earlier? The people behind ransomware attacks seem to have taken it to heart. Malicious actors don’t care and don’t have limitations. Their intent is to exploit you and take advantage of you. So don’t be surprised when they try to capitalize on tragic events.

In addition, according to the Sophos Threat Report, threat actors showed no sign of slowing down their collaboration. Actors now appear to operate more like cartels than independent groups.

How Does Information Warfare Tie Into Ransomware Attacks?

IBM Security X-Force shows an increase in ransomware attacks over the last year. Looking ahead, 2021 may bring major changes for ransomware. Here’s why:

Ransomware attacks using extortion become a type of psychological warfare, whether they target an individual or an organization. It may just be about the money for now, but it may not stay that way. Next, threat actors may use sensitive data to elicit a coerced decision that goes beyond money.

Remember, data is today’s currency.

The Sophos report states: “[w]hen it comes to data theft, the attackers are far less picky and exfiltrate entire folders, regardless of the file types that are contained within.”

Translation: the malicious actors are looking for something, anything, they can use against your emotions. That means information could be used as a weapon to generate many different responses. That requires cyber defenders to appreciate how information warfare and cyber warfare have now merged.

How to Protect Against Ransomware Attacks in 2021

From a technological perspective, some defenses have stayed the same. Keep going with the good work mentioned above, such as locking down ingress points (think remote desktop protocol) and having backups. Seriously consider cold storage of backups, because malicious actors are hunting to encrypt or destroy those, too. But technological one-upping will remain, so try to gain an advantage by limiting how often you make emotion-based decisions.

Here is a quick list of things to consider to prevent recent ransomware attacks, if you haven’t already covered them in your 2021 planning:

  • Train your staff to be on the lookout for signs of ransomware attacks. Effective training may be your best defense.
  • Make crisis communications part of your cybersecurity incident response plan. Remember: you need to manage the message both externally and internally. Do not fuel the fire with bad messaging. And, be ready to counter extortion messaging, since it’s part of the game now.
  • While threat actors collaborate against us, we can still collaborate against them. Work with people in your industry and even those outside of it. Sharing is also an emotive act and can be very powerful for morale when you feel you’re in the fight with somebody else.
  • Be cool. This is easier said than done. But remember: the person running ransomware attacks against you is intentionally trying to get an emotive response out of you. Don’t give them that win. If you keep your emotions in check, as rough as it may be, you’ll make it into the next day and the road to recovery.

If you have experienced a cyber incident and would like immediate assistance from IBM Security X-Force incident response, please call our hotline at 1-888-241-9812 (US) or +001-312-212-8034 (global). Learn more about X-Force’s threat intelligence and incident response services.
