“If you want to go quickly, go alone, but if you want to go far, go together.”

This African proverb opens the Sophos 2021 Threat Report, and in view of recent cybersecurity events, its meaning is very important when it comes to defending against ransomware attacks. As threat actors work together to provide ransomware-as-a-service, defenders also need to focus on working together, even when teams are separated in home offices.

As ransomware trends change in 2021, what should we look out for? An overview of the Sophos report provides some ideas.

The Psychology of Ransomware Attacks

Ransomware attacks are effective because they prey on one thing technology cannot protect: emotions. While the way threat actors are doing this has changed through 2020, the basics are still the same.

Threat actors in this space need to manipulate their victims. If you can’t be manipulated — via phishing, instant messages or some other vector — into accepting a payload onto your device or network, you are in a good position to stop ransomware. More sophisticated actors will use remote desktop protocol or drive-by attacks to infect a system, but that’s for your cybersecurity team to handle.

Ransomware attacks also need to generate urgency or fear. Invoking emotions, real or perceived, that drive people to react right away is critical to a successful attack. You can still be a victim if you stay cool, but keeping your cool allows you to respond and recover better.

Lastly, these attackers prey on the fear of loss. Successful ransomware attacks depend on it. They use the fear of loss of sensitive data against their potential victims. You can be manipulated and you can feel a sense of urgency. But if ultimately you do not lose anything, you’ll feel like you’ve weathered a rough storm, even if you paid the ransom. Why? Relief that you have your data back.

Going into 2021, it remains important for defenders to consider these psychological aspects of ransomware attacks. So, what in particular should we look out for? And, what has changed that will likely become even more important in 2021?

Extortion as a Response to Good Defense

Defenders have done great work against ransomware attacks in the last year. We’ve made great efforts in the following areas:

  • Locking down ingress methods.
  • Keeping online backups and making them available if needed.
  • Shortening the time it takes to neutralize malware.

On the other hand, malicious actors enjoy the advantage of being on the offensive. Coupled with their modus operandi of not playing by the rules, playing offense allows them to be agile and adaptable. No matter how good our defense, the malicious actor always has a countermove. The most recent strategies in this area are extortion and collaboration.

A malicious actor can counter today’s defenses by increasing the payoff of their ransomware attacks through extortion. This change shows why exploiting our emotions — a wholly human vulnerability, one unrelated to any technological defense — is key to a successful attack.

To get colloquial, it’s as if the malicious actor responds by saying: “You think you’re safe by having backups? Fine. We’ll air out your dirty laundry instead.”

The psychological evolution suddenly goes beyond the fear of loss. Instead, you have the fear of embarrassment, as well.

Remember the proverb from earlier? The people behind ransomware attacks seem to have taken it to heart. Malicious actors don’t care and don’t have limitations. Their intent is to exploit you and take advantage of you. So don’t be surprised when they try to capitalize on tragic events.

In addition, according to the Sophos Threat Report, threat actors showed no sign of slowing down their collaboration. Actors now appear to operate more like cartels than independent groups.

How Does Information Warfare Tie Into Ransomware Attacks?

IBM Security X-Force shows an increase in ransomware attacks over the last year. Next, 2021 may bring major changes for ransomware. Here’s why:

Ransomware attacks using extortion become a type of psychological warfare, whether they target an individual or an organization. It may just be about the money for now, but it may not stay that way. Next, threat actors may use sensitive data to elicit a coerced decision that goes beyond money.

Remember, data is today’s currency.

The Sophos report states: “[w]hen it comes to data theft, the attackers are far less picky and exfiltrate entire folders, regardless of the file types that are contained within.”

Translation: the malicious actors are looking for something, anything, they can use against your emotions. That means information could be used as a weapon to generate many different responses. That requires cyber defenders to appreciate how information warfare and cyber warfare have now merged.

How to Protect Against Ransomware Attacks in 2021

From a technological perspective, some defenses have stayed the same. Keep going with the good work mentioned above, such as locking down ingress points (think remote desktop protocol) and having backups. Seriously consider cold storage of backups, because malicious actors are hunting to encrypt or destroy those, too. But technological one-upping will remain, so try to gain an advantage by limiting how often you make emotion-based decisions.

Here is a quick list of things to consider to prevent recent ransomware attacks if you haven’t done so in your 2021 planning:

  • Train your staff to be on the lookout for signs of ransomware attacks. Effective training may be your best defense.
  • Make crisis communications part of your cybersecurity incident response plan. Remember: you need to manage the message both externally and internally. Do not fuel the fire with bad messaging. And, be ready to counter extortion messaging, since it’s part of the game now.
  • While threat actors collaborate against us, we can still collaborate against them. Work with people in your industry and even those outside of it. Sharing is also an emotive act and can be very powerful for morale when you feel you’re in the fight with somebody else.
  • Be cool. This is easier said than done. But remember: the person running ransomware attacks against you is intentionally trying to get an emotive response out of you. Don’t give them that win. If you keep your emotions in check, as rough as it may be, you’ll make it into the next day and the road to recovery.

If you have experienced a cyber incident and would like immediate assistance from IBM Security X-Force incident response, please call our hotline at 1-888-241-9812 (US) or +001-312-212-8034 (global). Learn more about X-Force’s threat intelligence and incident response services.
