Tuesday, December 29, 2020

5 Ransomware Predictions to Ring In 2021

Ransomware and a red, spiky virus were perhaps the only winners in 2020, and both celebrated a banner year. But while 2021 will (hopefully) usher in mass immunizations against COVID-19 and the beginning of the so-called post-pandemic new normal, ransomware’s not slowing down in the year ahead. By all accounts, it will only get bigger and badder in 2021.

According to Positive Technologies’ third-quarter 2020 cyber threatscape report, ransomware attacks now account for over half of all malware attacks (51% in Q3 compared to 39% in Q2). Additionally, half of all attacks against health care institutions during the quarter involved ransomware, and this tragically included the first fatality from a ransomware attack against a hospital in Germany.

As we look ahead to the new year, we’ve rounded up the top five ransomware predictions-slash-challenges that we expect to play out in 2021. Let’s hope we are wrong, but as we learned in 2020, it’s much better to take precautions and strengthen our systems than bury our (maskless) heads in the sand and say it will all be over by Easter.

Druva CIO and CISO Drew Daniels believes that health care will be the most targeted industry when it comes to ransomware attacks in 2021, even more than it was in 2020. Also, this threat will extend from hospitals and medical clinics to research organizations scrambling to develop new treatments.
“Threat actors will be targeting medical research laboratories, big pharma, biotechnology companies and any third-party companies that health care works with, as these organizations will likely be storing the patient data being analyzed in order to create a vaccine,” he said.

And while hospitals have always been lucrative targets because their systems house patients’ protected health information and critical medications and keep patients’ hearts beating and lungs pumping oxygen, the fatal ransomware attack in Germany is going to give these even greater urgency — and bigger price tags.

Health-care records now sell for between $100 and $500 on the dark web, according to RSA security executives. “Hackers will be incentivized to continue their attacks on health systems,” they predict. “Their focus on our health systems will disrupt providers’ ability to deliver care and cause unprecedented deaths.”

Casey Ellis, CTO, founder, and chairman of Bugcrowd, echoes this prediction and expects attackers to “prioritize ransomware attacks on strained health-care facilities’ critical life support systems as the urgency to save a patient’s life would put great pressure on any hospital to pay a ransom. To prepare for potentially fatal ransomware campaigns, the health-care sector needs to identify its critical systems and determine which are most business critical. Then, each health-care organization can prioritize those critical systems for upgrades to ensure proper security for patient well-being.”

Double-extortion ransomware attacks weren’t widely used until 2020, according to Check Point’s 2020 mid-year report. In these attacks, hackers first extract large amounts of sensitive data prior to encrypting a victim’s databases. They then threaten to publish that data unless the victim pays ransom demands, thus putting extra pressure on organizations to pay up.
A Q3 Check Point report saw another sharp rise in double-extortion ransomware attacks with the security vendor’s threat researchers reporting a 50% increase in the daily average of ransomware attacks, compared to the first half of the year. They expect to see another ransomware uptick in 2021.

CrowdStrike CTO Mike Sentonas also expects these double-extortion attacks to become even more popular in 2021, with some hackers using a more targeted approach and threatening to publicly release and/or auction the data unless the victim pays the ransom. This is particularly egregious because it potentially turns every ransomware attack into a data breach.

“We’re seeing examples of ransomware where the demands escalate the longer you wait to pay,” Sentonas said in an earlier interview, adding that cyber criminals can ask for multi-million-dollar ransoms because they have done their homework.

“With these bigger attacks, the adversary has targeted the organization or the government department, they found an entry point into the organization and then escalated their credentials,” he said. “They’ve prepared the environment. And then when they ask for the demand, they’re ready to cause maximum damage. So managed hunting is critical today, even more than it ever was.”

As hackers turn to extortion, ransomware will finally be treated like a data breach, predicts Deepen Desai, CISO and VP of security research at Zscaler. This means companies will finally develop ransomware playbooks and response plans — or dust off and update their existing ones.

“Organizations can no longer afford to be unprepared,” Desai said. “What was primarily handled by the CISO’s team, will be recognized as a larger issue that teams across the entire organization will need to tackle.
Company-wide ransomware playbooks and response plans will be created to dictate exactly what to do and how to mitigate any damage to the brand.”

An IBM report from earlier this year found the vast majority of organizations (74%) have no security response plans, and only one-third of companies with a formal security response (that’s 17% of total respondents) had also developed specific playbooks for common attacks. “If you have no other playbook, at least have one for ransomware,” IBM X-Force VP Wendi Whitmore said in an earlier interview.

Playbooks and business continuity plans are key because it’s impossible for security systems to be 100% effective, said Ranga Rajagopalan, VP of product at Commvault. He predicts that 2021 will be the year when organizations finally realize they need a plan for ransomware attacks.

“Next year, expect to see organizations finally start working to ensure they have in place the business continuity processes and disaster recovery solutions they need to rapidly recover not just from natural disasters, but malicious cyberattack disasters as well — helping them transform ransomware attacks from three-car pileups into mere bumps in the road,” he said.

To counter the ransomware threats, companies need a combination of attack detection, data security, and data backup, Metallic GM Manoj Nair said. In 2021, “companies will increase their adoption of new backup-as-a-service (BaaS) solutions that allow them to quickly recover data if an attack does find a way through their standalone security solutions and their applications’ built-in security,” he predicts.

“With these BaaS solutions companies can back up their cloud, on-premises, and endpoint primary data to an air-gapped cloud service.
This additional layer of protection provides companies with a pristine secondary copy of their primary data that they can restore if a cyberattack does find a chink in their cyberattack detection and data security armor.”

The SolarWinds hack wasn’t ransomware, but it did shine a spotlight on the important role that cybersecurity plays in national security. President-elect Joe Biden has already said that his administration “will make cybersecurity a top priority at every level of government,” and this undoubtedly will include ransomware.

The U.S. government muddied up the compliance waters surrounding ransomware earlier this year when the Treasury Department threatened financial penalties against companies paying ransoms to hackers. While it was intended to thwart future ransomware attacks, it put victims and incident responders in a tough spot.

“Payments that are clandestine using cryptocurrency are hard to track and only fuel the cycle for more attacks and payments by others in the same situation,” Druva’s Daniels said. “The Treasury Department can only do so much, and even if they manage to clamp down on this any more than we (as security leaders) have already done, the unfortunate truth is: where there’s a will, there’s a way. This is the same reason why despite the continued insistence not to pay ransoms, ransomware has only grown.”

Asigra CEO David Farajun expects ransomware payments to become illegal in 2021. “The U.S. government has expressed intentions to align the payment of cyber ransoms with the support of terrorist organizations and will likely make these payments illegal,” he said. “It is expected that other nations will enact such laws as well, especially to defend against possible nation-state sponsored actors.”

Despite the doom and gloom of 2020, and the dire outlook for ransomware moving into 2021, Greg Martin, GM of Sumo Logic’s Security Business Unit, sees a silver lining.
The influx of cyberthreats will usher in the next generation of security professionals, he predicts. “I believe cyber security is a growing industry within IT that is attracting tens of thousands of students globally from a studies and career track perspective,” he said. “I think COVID has strengthened the need for stronger cyber security due to everyone working remotely and digitally and that in turn of course creates more job demands. A perfect opportunity for college grads and interns to capitalize on.”
