I’m sure I’m not the only one who expected the world to magically get back to normal — whatever that is — when the ball dropped on 2021. After seeing a rise in threats last year, no more ransomware, or at least fewer attacks, was on my very long wish list for a wonderful new year.
But the past few months brought me back to reality, as experts at Barron’s predict the likelihood of a rise in attacks this year. We’ve already seen new threats emerging and current trends getting worse. Here are three ransomware trends to expect to hear more about in 2021.
Attacks as a Commodity
On the surface, it’s easy to assume ransomware using botnets and loaders bought off the dark web are less sophisticated than hand-built attacks. However, many cyber criminals are turning to these tools to look for vulnerabilities in a system or network. By scouting ahead, threat actors can launch larger and more damaging attacks. Often, these start as low-level or sleep attacks that lead to large-scale damage.
Threat actors are also turning to community ransomware, such as the newly discovered Egregor family, to launch double-extortion ransom attacks. In addition to asking for money from the company for releasing the data, this type directly targets the people whose data was stolen. The data is often harmful to a person’s or business’ name to the point that they may be willing to pay for the release of their data.
So, how do we stop ransomware like this? Because the initial tools used are not overly sophisticated, the IBM X-Force Definitive Guide to Ransomware recommends focusing on basics to prevent this kind of attack. Use common sense tactics, such as securing endpoints, using multifactor authentication and making sure employees update operating systems on all devices often. Backing systems up and then storing backups apart from primary networks is also key.
While not a new threat or method, experts expect ransomware-as-a-service (RaaS) to become more widely used in 2021. Honest businesses also commonly use the as-a-service model across software and infrastructure. This type of ransomware allows cybercriminals to purchase a subscription and then use the malicious code to launch attacks.
Because this allows threat actors without technical backgrounds to launch attacks, RaaS greatly expands the possible numbers of attacks. Before this, ransomware attacks were expensive to launch because a skilled developer would have to create a unique variant of an infection. With RaaS, cyber criminals launching attacks only pay for the services they use. They often pay a percentage of the ransom collected to the RaaS vendor. By creating a business model selling ransomware, developers are more protected from detection because they are not the ones launching the attacks.
RaaS attacks often begin as phishing attacks. The IBM X-Force Definitive Guide to Ransomware suggests performing surprise mock phishing exercises to collect metrics on who clicks on suspicious links or attachments. Also, consider removing executable attachments sent through email to block potential threats.
Attacks Against Schools
The switch to remote learning in 2020 opened schools up to digital attacks. During August and September 2020, 60% of all ransomware attacks were against K-12 schools, the FBI says. That’s a 30% increase over the previous two months. In late November 2020, Baltimore schools closed remote and in-person learning for a week due to a large-scale ransomware attack. Huntsville, Alabama, schools endured a similar closing, with staff and students instructed not to log in during the closure. As a response, the Cybersecurity and Infrastructure Security Agency recently launched a new ransomware awareness initiative focused on K-12 schools through education and resources.
A lack of training around this issue for teachers, the majority of educators using their own devices and a lack of budgets for defensive tools all contribute. With remote learning, attackers now have many more endpoints to access. In addition, more users are remotely logging in to a system. With some children attending school remotely at learning and daycare centers, many students may be using unsecured and public wireless networks.
The IBM X-Force Definitive Guide to Ransomware recommends creating an incident response plan to allow schools to act quickly during a ransomware attack. Because end users are often the first to encounter a ransomware attack, the guide also says that role-based training can be critical to preventing attacks.
How to Avoid Ransomware
In addition to the specific tips above, there are some general guidelines for ransomware prevention for your home, school or business. The IBM X-Force Definitive Guide to Ransomware explains that it’s particularly malicious because no administrative privileges are needed to launch an attack. The guide also stresses that all ransomware attacks are not equal. Ransomware that is not mitigated with decryption keys or resolved through reverse engineering carries a much higher risk of damage than other types of attacks.
Like everyone else, I’m hoping the remainder of 2021 brings lots of good news. And even with the increased attacks, there is at least some good news. By being prepared, you can reduce the risk of being a victim. Even more importantly, you can reduce the damage if you are a victim. The IBM X-Force Definitive Guide to Ransomware provides detailed steps about how to develop a comprehensive incident response plan. Within this, it provides detailed directions for different scenarios and types of attacks.
You are taking the first step toward protecting your data and infrastructure by reading this article. And now it’s time to take the rest of the steps — proactive actions toward protecting your data and infrastructure.
Download the guide
If your organization requires immediate assistance with incident response, please contact IBM Security X-Force’s US hotline 1-888-241-9812 | Global hotline (+001) 312-212-8034. Learn more about X-Force’s threat intelligence and incident response services.