Ransomware attacks have consistently increased year over year (YoY), and new research shows that by June 2021, infection rates grew another 151% over the previous year. 2020 was already a landmark period in the volume of breaches, as was the year before that, and these latest findings strongly indicate that the trend will likely continue. The US remains the hardest-hit country, with a lopsided 185% increase, over 40% more than the next national spike (UK at 144%).
First Half of 2021 Saw More Ransomware Than All of 2020
SonicWall released a mid-year update to its annual research, the 2021 SonicWall Cyber Threat Report, analyzing trends that could be identified through the first half of the year. The report found that ransomware attack volume had grown exponentially, with a record-setting 304 million attacks documented from January to June. June alone accounted for the biggest spike yet, with over 78 million attacks recorded. In the US, Florida accounted for the lion’s share of attack numbers (over 111 million), almost double the rate of the next four states combined (New York, Idaho, Louisiana and Rhode Island).
The report also noted increases in other cyber threats, namely cryptojacking attacks (malware that exploits your computer to mine cryptocurrency) and attacks against IoT (Internet of Things) networks, which are made up of sensor-driven and mobile devices. However, the growth rates of these types of attacks were greater in Europe than in the US, meaning ransomware remained the biggest growing threat stateside.
Traditional Malware Decreased as Cyber Extortion Took Over
One of the more interesting findings in the 2021 SonicWall Cyber Threat Report was a decrease in the number of malware attacks of types other than those highlighted by the report. The report also noted that backdoor malware attacks against non-standard ports declined, and together these indicate a significant pivot away from campaigns against broad targets toward narrower, better-explored opportunities.
Past Research Reflects Continued Attack Rate Growth
SWK Technologies has covered the ransomware epidemic for years now, and besides showing how terrifyingly accurate past predictions continue to prove, the research also reveals two primary trends that consistently appear with ransomware YoY. Attack rates have continuously grown, but in periods where they do not rise as much, the methods become even more sophisticated. Occasionally both can be observed, and when looking at the growing rates of infection as well as some of the most high-profile victims, the true extent of the modern ransomware ecosystem starts to become apparent (more on this below).
Remote Work and Malware Attack Vulnerability
Many factors contribute to the accelerating shift to cyber extortion tactics among hacker groups, with the 2020 pandemic having perhaps the greatest impact on current attack rates. Ransomware gangs were already gaining numbers and influence in the cybercrime market before COVID-19 forced an explosion in the remote workforce, as well as a new desperation for information, the removal of centralized cybersecurity and other factors that made victims easier to find. This in turn made the ransom strategy even more cost-effective for hackers of less sophisticated skill levels, who can use techniques already available to scam unsuspecting employees out of their credentials, then use the access to encrypt critical data.
The Ransomware Ecosystem in 2021 – Kaseya, REvil and More
The full scope of the extensive cybercrime ecosystem has been revealed little by little in recent years, and some of the recent highest-profile attacks have demonstrated the place ransomware gangs occupy in this wide space. While the aftermath of the Colonial Pipeline incident – where the FBI managed to track down and recover some of the ransom – may have seemed like a major blow at the time, subsequent attacks like the Kaseya breach prove that many groups are still operating at peak capacity.
Cybercrime is increasingly a network as well as its own fully functioning market, and ransomware gangs stand out like a SaaS startup – the business revolves around a core group of developers who sell the product to affiliates, who take on the legwork and the risk. Those that become big enough can utilize their brand to secure a steady line of accomplices, and continue scaling resources to hit bigger targets. Syndicates like REvil are growing ever more notorious, and that reputation can itself be leveraged to demoralize and intimidate victims into paying.
Phishing is Consistently the Top Method of Infection
While there is always the risk of a backdoor or brute force vulnerability in your system, the most popular method for hackers using malware is phishing – whether by email, SMS text, phone or any of the other multiple channels cultivated daily. Tricking a user with access into giving up their credentials provides many advantages over other strategies that could more easily alert security monitors or allow the point of attack to be traced back more quickly. Ransomware gangs need discretion, anonymity, and the right balance between calm and desperation in their victims, not only to get you to pay, but also to convince you it is not worth reporting to anyone that you were hacked in the first place.
The progressively vicious methods hackers use to incentivize payment are a direct response to the pushback by governments and businesses everywhere, and likely also to the emerging knowledge that their encryption often irreversibly damages files. Ransomware will eventually decline as the top cybercrime, but until then, the best your business can do is secure the most consistently targeted cybersecurity gap – the human element.
Protect Against Phishing by Training Your Employees
The ransomware epidemic will continue, and either another type of malware or something else that compromises your data will fill in the vacuum when it is gone – but whatever comes next, people will remain the top vehicle for its delivery. Ensuring that your people know the first signs of an attack will protect your business against the broadest range of cybercrime strategies and better secure your first line of defense against all threats.
Sign up here to learn about SWK’s Phishing Defender program, and how it will help you train and prepare your employees for all manner of cyber threats.