Ransomware is a form of malicious software used to infiltrate company networks to steal sensitive data and hold it for ransom. Every year it is a cyber threat that gets worse and worse, by both level of complexity as well as volume of attacks. Of course, 2021 will be no different. The rest of this article will be used to dive into just a few of the many, many trends anticipated for the year to come.
With a change in the President of the United States, many things will change in some way or another. The Biden administration has indicated that they will have a hands-on approach and hopefully, a refined level of focus on cybersecurity. The governmental stance on whether to pay the ransom or not has varied over the years, but this administration has signaled that it will take a clear stance on this issue and will also pursue ransomware distributors in order to stop and prosecute these attackers. Additionally, even though the election is over with, it can be expected that malicious actors will use politically-themed phishing scams in order to breach networks and infect them with ransomware.
The cyber attack of ransomware is based in extortion — a company must pay up in order to retrieve their vital information. This is the essence of this attack. However, in 2021, it is expected that these attackers will grow to be even more malicious and rather than simply keeping company data should the business fail to pay up, hackers are now threatening to leak vital company data. This makes the threat of ransomware even more daunting as the victim’s data now has the potential to be available to far more people.
The ESET Chief Security Evangelist, Tony Anscombe, has said about the issue, “Companies are becoming smarter, deploying technologies that thwart attacks and creating resilient backup and restore processes, so the bad actors need a ‘Plan B’ to be able to monetize their effort and build resilience into the attack, rather than being reliant on a single form of threat. Thwarted attacks or diligent backup and restore processes may no longer be enough to fend off a committed cybercriminal who’s demanding a ransom payment. The success in monetizing due to a change of technique offers cybercriminals an increased chance of a return on investment. This is a trend that, unfortunately, I am sure we will witness more of in 2021.”
It is clear that ransomware will need to be one of the threats at top of mind for cyber teams at all companies when they visit their 2021 defenses.
Ransomware in 2020 took no prisoners — malicious actors targeted schools, hospitals, and government organizations among a plethora of other categories. In 2021, it is expected that these industries will continue to see ransomware attacks being pummeled at them. As the pandemic continues to plague the globe, healthcare is anticipated to be a continued heavily targeted segment. Hospitals are in an incredibly stressful time between dealing with COVID patients, trying to get the vaccine for the virus out to all essential workers and those at heightened risk, and trying to treat others who aren’t affected by the disease but are in need of medical attention. Many hospitals do not have the capital or people to protect their networks with as much care as is needed. Cybercriminals, being relentless and plain old mean people, are aware of this precarious situation and will continue to attack hospitals in 2021, particularly during those months in which the pandemic continues.
Many of us have a growing collection of IoT devices gathering in our homes — between camera doorbells, smart assistants like Alexa and Siri, as well as connected appliances, nearly every room of our homes has some aspect of IoT within it. While these devices can make our lives easier, they have innate security flaws in that many are not built with security in mind. Because of this, they are easy targets for cybercriminals seeking ransomware as their desired crime.
IoT is not only a major piece of our personal lives, but particularly with the shift to remote work in response to the COVID-19 pandemic, more and more IoT devices are being welcomed into our work lives as well. With anticipation of the pandemic hopefully coming to a close sometime in 2021, the shift back to on-site work is expected to bring with it, IoT devices coming back from our homes to the office. Reconnecting these devices to work networks is expected to be another way for cybercrminals to infiltrate with ransomware.
We will see over the next 11 months if these really are the routes the cybercriminals will venture in order to take companies and their crucial data hostage — one thing can be known for sure, malicious actors will not relent and they are constantly evolving right alongside advancements in cybersecurity.