Ransomware 2021: New Trends and the Biggest Incidents of the Year

Among its other problems, 2021 will be remembered as a year of explosive growth in ransomware infections.




Since its first appearance, ransomware has evolved from fragmented tools created by isolated enthusiasts into a powerful underground industry that offers great rewards for its creators. At the same time, the cost of entry into this gloomy world keeps falling.


Nowadays, would-be cybercriminals no longer need to create their own malware or even buy it on the dark web. All they need is access to a RaaS (Ransomware-as-a-Service) cloud platform. Easy to deploy and requiring no programming skills, these services allow virtually anyone to use ransomware tools, which naturally leads to an increasing number of cyber incidents of this type.


Another worrying recent trend is the transition from a simple ransomware model to combined attacks that steal data before encrypting it. In such cases, non-payment results not in the destruction of the information but in its publication in open sources or its sale at a closed auction. In one of these auctions, which took place during the summer of 2020, databases of agricultural companies, stolen using the REvil ransomware, went on sale for an initial price of $55,000.


Unfortunately, many ransomware victims feel compelled to pay, despite knowing that there is no guarantee that they will get their data back. This is because hackers tend to target companies and organizations with a low tolerance for lost time. The damage caused by a production shutdown, for example, can amount to millions of dollars a day, while an incident investigation can take weeks and not necessarily bring everything back to normal. What about medical organizations? In urgent situations, some entrepreneurs feel that they have no option but to pay.


Last fall, the FBI issued a special ransomware clarification, unequivocally recommending that no one pay hackers any money. (Payment encourages more attacks and in no way guarantees the recovery of encrypted information.)


Top Headlines

Here are just a few of the incidents that occurred in the first half of this year that point to the growing scale of the problem.


In February, the Danish installation services company ISS was a victim of ransomware. Cybercriminals encrypted the company's database, which caused hundreds of thousands of employees in 60 countries to be disconnected from corporate services. The Danes refused to pay. Restoring most of the infrastructure and conducting an investigation took about a month, and total losses were estimated at between $75 million and $114 million.


Ransomware hit the US multinational IT service provider Cognizant in the spring. On April 18, the company officially admitted being the victim of an attack by the popular Maze ransomware. The company's customers use its software and services to provide remote work support to employees whose activities have been interrupted.


In a statement sent to its partners immediately after the attack, Cognizant listed specific Maze server IP addresses and file hashes (kepstl32.dll, memes.tmp, maze.dll) as indicators of compromise.


The reconstruction of much of the corporate infrastructure took three weeks, and Cognizant reported losses of between $50 million and $70 million in its second-quarter 2020 financial results.


In February 2020, Redcar and Cleveland Borough Council (UK) suffered an attack. The British newspaper The Guardian quoted a board member as saying that for three weeks - the time required to effectively rebuild the IT infrastructure used by hundreds of thousands of residents - the board was forced to resort to "pen and paper".


How to Protect Yourself

The best strategy is to be prepared. Equip e-mail services, which are potential entry points for unauthorized access, with spam filters to block or quarantine executable attachments.
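A minimal sketch of the attachment check described above, added here as an illustration and not taken from the original article or any product it mentions. The blocked-extension list, the function names and the sample message are assumptions constructed for the example; the check looks at both the file name and the leading magic bytes, so an executable renamed to look like a document is still quarantined.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed gateway policy: extensions to quarantine (tune to your environment).
BLOCKED_EXT = (".exe", ".dll", ".scr", ".com", ".js", ".vbs", ".bat",
               ".cmd", ".ps1", ".hta", ".lnk", ".jar", ".msi")
# Magic bytes that identify executable content regardless of the file name.
MAGIC = {b"MZ": "PE executable", b"\x7fELF": "ELF executable"}

def classify_attachment(filename, payload):
    """Return a quarantine reason, or None if the attachment looks harmless."""
    # Normalise case and strip trailing dots/spaces ("a.exe." still runs on Windows).
    name = (filename or "").strip().lower().rstrip(". ")
    for ext in BLOCKED_EXT:
        if name.endswith(ext):  # also catches double extensions like .pdf.exe
            return f"blocked extension {ext}"
    for magic, kind in MAGIC.items():
        if payload.startswith(magic):
            return f"{kind} content behind name {filename!r}"
    return None

def scan_message(raw_bytes):
    """Parse a raw e-mail and return (verdict, [(filename, reason), ...])."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        reason = classify_attachment(part.get_filename(), payload)
        if reason:
            findings.append((part.get_filename(), reason))
    return ("quarantine" if findings else "deliver"), findings

def build_sample():
    """Constructed sample: a PE header disguised as a PDF, plus a benign note."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "accounts@example.org"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 16, maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment("quarterly notes", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

Archives and password-protected containers are not unpacked here; a production filter would need a policy for those as well.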


If, despite your preparedness, an attack is successful, minimize downtime and possible damage by maintaining regularly updated backups of all critical business information. Store your backups in a secure cloud.


In addition to the digital hygiene measures described above, use specialized solutions, such as the Anti-Ransomware tool. Using cloud and behavioral analysis, the Anti-Ransomware tool prevents ransomware from penetrating systems, detects suspicious application behavior, and, on systems that are already infected, can reverse malicious actions.


Our integrated solution, Protegent360 Total Security Software for Business, offers much broader protection against all types of threats. In addition to the features of the Anti-Ransomware tool, Protegent360 Total Security Software for Business contains a full range of web and device controls, the Adaptive Anomaly Control tool, and recommendations for configuring security policies to arm the solution against even more recent types of attacks, for example, those that use fileless malware.
