Ransomware is one of the fastest-growing threats in cybersecurity, with global damages predicted to reach £15 billion by 2021, up from £262m in 2015. In 2021, attackers will target companies under pressure from the post-pandemic economic recession, because those companies are more likely to cave to ransom demands.
Conventional ransomware attacks work by denying an organisation access to its own data until it pays a ransom. In 2020, however, we have seen attacks grow in sophistication.
The developers of Maze ransomware, for example, have begun taking copies of data and threatening to release it publicly. Others, such as REvil, threaten to delete it entirely.
The business of ransomware is also changing. We are seeing actors ramping up demands – in some cases, seeking payment of one sum in five days, but then demanding more every few days after. Some groups charge an organisation to unlock access to its data, but also go on to sell data they have harvested, giving them a revenue “double dip”. Attackers are also shrewd businesspeople, carefully pricing their demands so that paying them off is a rational, if unpleasant, commercial choice.
In 2021, we will see a growing shift away from the “spray and pray” approach to ransomware attacks and towards what is known as “big-game hunting”. This is where attackers focus their efforts on victims that can yield a greater financial pay-off.
There will be bold cyber strikes on wealthy organisations by major e-crime organisations (known as “SPIDERS”). These include INDRIK SPIDER, which runs Dridex, and WIZARD SPIDER, the Russia-based operator behind the TrickBot banking malware and Ryuk.
Groups such as these have already seen huge revenues from ransomware attacks. WIZARD SPIDER is thought to have netted around 695.80 Bitcoin, with an approximate value of £2.7m, since 2018. Meanwhile, the BOSS SPIDER group, thought to be based in Iran, received more than $6.7 million (£5.1 million) between 2016 and 2018.
In 2021, organisations will become more vulnerable to attacks because many of their employees will be using home internet connections, many of which are far less protected than corporate networks. This will increase the chances of actors gaining entry to an organisation’s systems, but it also raises questions of liability.
Who is responsible if someone’s home network is taken out as collateral damage during an enterprise hack? In 2021, we will all have to agree that “everything this side of the firewall is the business’ responsibility”.
While 2021 will be a boom time for ransomware attackers, solutions such as cloud-delivered, AI-driven security that can react in real time will help us defend ourselves against them. But all enterprises will also have to look hard at their cybersecurity measures and understand that “good-enough security” isn’t good enough at all.
Michael Sentonas is CTO of CrowdStrike