Ransomware: Huge rise in attacks this year as cyber criminals hunt bigger pay days

Researchers warn of a seven-fold rise in ransomware attacks compared with last year alone - and attackers are continually evolving their tactics.
Written by Danny Palmer, Senior Writer

There's been a huge increase in the number of ransomware attacks over the course of 2020, with a seven-fold rise in campaigns compared with last year, according to newly released data from cybersecurity researchers.

Ransomware attacks have been on the rise and getting more dangerous in recent years, with cyber criminals aiming to encrypt as much of a corporate network as possible in order to extort a bitcoin ransom in return for restoring it. A single attack can result in cyber criminals making hundreds of thousands or even millions of dollars.

It's something that cyber criminals have been capitalising on despite the changing working circumstances with more people working remotely during 2020, with Bitdefender's Mid-Year Threat Landscape Report 2020 claiming a 715% year-on-year increase in detected – and blocked – ransomware attacks.

Not only has the number of ransomware attacks increased, but ransomware has continued evolving, with some of the most popular forms of ransomware last year having disappeared while new forms of ransomware have emerged. In some cases, these are even more disruptive and damaging.

"Looking into the evolution of last year's ransomware families and how they've changed this year, most of them have actually gone down in numbers. This year's popular ransomware families are not last year's popular ransomware families," Liviu Arsene, global cybersecurity researcher at Bitdefender, told ZDNet.

For example, one of the most prolific ransomware threats during 2019 was GandCrab – until its operators shut up shop during the middle of the year, claiming to have made a fortune from campaigns.

Since then, new families of ransomware have emerged, including Sodinokibi – also known as REvil – which, while not a massively prolific campaign, is a highly targeted operation that has made large amounts of money from disruptive, often high-profile ransomware attacks.

In many cases, hackers are following through with threats to leak data they've stolen in the run-up to deploying the ransomware attack if the victim doesn't pay – something that might strike fear into future victims and encourage them to give in to the extortion demands more quickly.

"If they do that just once, they set an example for everyone else who becomes infected, because those who don't pay end up with data leaked and a GDPR fine. Everybody else who gets infected afterwards is going to see the attackers are serious," Arsene explained.

While ransomware from specialist cyber-criminal gangs such as Sodinokibi and DoppelPaymer grabs the headlines, ransomware-as-a-service has continued to be an issue for organisations around the world, with ransomware families like Zepto and Cryptolocker causing problems.

While these forms of ransomware might not be as advanced as the most high-profile versions, their availability 'as-a-service' allows even low-level attackers to deploy attacks in an effort to illicitly make money, often from smaller and medium-sized businesses that feel they have no other option but to pay.

Ransomware remains a major cyber threat to organisations and businesses of all kinds, but there are relatively simple steps that can be taken to avoid falling victim to a ransomware attack.

Ensuring that security patches are applied as soon as possible helps prevent hackers from exploiting known vulnerabilities to gain a foothold inside the network in the first place, while organisations should also apply multi-factor authentication across the ecosystem because that can prevent hackers moving across the network by gaining additional controls.

Organisations should also regularly back up their systems, as well as testing those backups on a regular basis as part of a recovery plan, so if the worst happens and ransomware does infiltrate the network, there's a known method of restoring it without the need to pay cyber criminals.

