“If you want to go quickly, go alone, but if you want to go far, go together.”

This African proverb opens the Sophos 2021 Threat Report, and in view of recent cybersecurity events, its meaning is very important when it comes to defending against ransomware attacks. As threat actors work together to provide ransomware-as-a-service, defenders also need to focus on working together, even when teams are separated in home offices.

As ransomware trends change in 2021, what should we look out for? An overview of the Sophos report provides some ideas.

The Psychology of Ransomware Attacks

Ransomware attacks are effective because they prey on one thing technology cannot protect: emotions. While the way threat actors are doing this has changed through 2020, the basics are still the same.

Threat actors in this space need to manipulate their victims. If you can’t be manipulated — via phishing, instant messages or some other vector — into accepting a payload onto your device or network, you are in a good position to stop ransomware. More sophisticated actors will use remote desktop protocol or drive-by attacks to infect a system, but that’s for your cybersecurity team to handle.

Ransomware attacks also need to generate urgency or fear. Invoking emotions, real or perceived, that drive people to react right away is critical to a successful attack. You can still be a victim if you stay cool, but keeping your cool allows you to respond and recover better.

Lastly, these attackers prey on the fear of loss. Successful ransomware attacks depend on it. They use the fear of loss of sensitive data against their potential victims. You can be manipulated and you can feel a sense of urgency. But if ultimately you do not lose anything, you’ll feel like you’ve weathered a rough storm, even if you paid the ransom. Why? Relief that you have your data back.

Going into 2021, it remains important for defenders to consider these psychological aspects of ransomware attacks. So, what in particular should we look out for? And what has changed that will likely become even more important in 2021?

Extortion as a Response to Good Defense

Defenders have done great work against ransomware attacks in the last year. We’ve made great efforts in the following areas:

  • Locking down ingress methods.
  • Keeping online backups and making them available if needed.
  • Shortening the time it takes to neutralize malware.

On the other hand, malicious actors enjoy the advantage of being on the offensive. Coupled with their modus operandi of not playing by the rules, playing offense allows them to be agile and adaptable. No matter how good our defense, the malicious actor always has a countermove. The most recent strategies in this area are extortion and collaboration.

A malicious actor can counter today’s defenses by increasing the payoff of their ransomware attacks through extortion. This change shows why exploiting our emotions — a wholly human vulnerability, one unrelated to any technological defense — is key to a successful attack.

To get colloquial, it’s as if the malicious actor responds by saying: “You think you’re safe by having backups? Fine. We’ll air out your dirty laundry instead.”

The psychological evolution suddenly goes beyond the fear of loss. Instead, you have the fear of embarrassment, as well.

Remember the proverb from earlier? The people behind ransomware attacks seem to have taken it to heart. Malicious actors don’t care and don’t have limitations. Their intent is to exploit you and take advantage of you. So don’t be surprised when they try to capitalize on tragic events.

In addition, according to the Sophos Threat Report, threat actors showed no sign of slowing down their collaboration. Actors now appear to operate more like cartels than independent groups.

How Does Information Warfare Tie Into Ransomware Attacks?

IBM Security X-Force shows an increase in ransomware attacks over the last year. Next, 2021 may bring major changes for ransomware. Here’s why:

Ransomware attacks using extortion become a type of psychological warfare, whether they are targeted at an individual or an organization. It may just be about the money for now, but it may not stay that way. Next, threat actors may use sensitive data to elicit a coerced decision that goes beyond money.

Remember, data is today’s currency.

The Sophos report states: “[w]hen it comes to data theft, the attackers are far less picky and exfiltrate entire folders, regardless of the file types that are contained within.”

Translation: the malicious actors are looking for something, anything, they can use against your emotions. That means information could be used as a weapon to generate many different responses. That requires cyber defenders to appreciate how information warfare and cyber warfare have now merged.

How to Protect Against Ransomware Attacks in 2021

From a technological perspective, some defenses have stayed the same. Keep going with the good work mentioned above, such as locking down ingress points (think remote desktop protocol) and having backups. Seriously consider cold storage of backups, because malicious actors are hunting to encrypt or destroy those, too. But technological one-upping will remain, so try to gain an advantage by limiting how often you make emotion-based decisions.

Here is a quick list of things to consider for preventing recent ransomware attacks, if you haven’t already done so in your 2021 planning:

  • Train your staff to be on the lookout for signs of ransomware attacks. Effective training may be your best defense.
  • Make crisis communications part of your cybersecurity incident response plan. Remember: you need to manage the message both externally and internally. Do not fuel the fire with bad messaging. And be ready to counter extortion messaging, since it’s part of the game now.
  • While threat actors collaborate against us, we can still collaborate against them. Work with people in your industry and even those outside of it. Sharing is also an emotive act and can be very powerful for morale when you feel you’re in the fight with somebody else.
  • Be cool. This is easier said than done. But remember: the person running ransomware attacks against you is intentionally trying to get an emotive response out of you. Don’t give them that win. If you keep your emotions in check, as rough as it may be, you’ll make it into the next day and the road to recovery.

If you have experienced a cyber incident and would like immediate assistance from IBM Security X-Force incident response, please call our hotline at 1-888-241-9812 (US) or +001-312-212-8034 (global). Learn more about X-Force’s threat intelligence and incident response services.
