With the migration to remote work over the last year, cyberattacks have increased exponentially.
We saw more attacks of every kind, but the headline for 2020 was ransom attacks, which were up 150% over the previous year. The amount paid by victims of these attacks increased more than 300% in 2020.
Already 2021 has seen a dramatic increase in this activity, with high-profile ransom attacks against critical infrastructure, private companies, and municipalities grabbing headlines on a daily basis. The amount of ransom demanded also has significantly increased this year, with some demands reaching tens of millions of dollars. And the attacks have become more sophisticated, with threat actors seizing sensitive company data and holding it hostage for payment.
Who’s behind the recent surge in attacks? And how should companies respond to this increased threat? In this article, I’ll outline how ransomware attacks have evolved and what actions companies can take now to protect themselves.
How Ransomware Attacks Have Changed
A few years ago, the majority of ransom attacks involved only the deployment of ransomware. Hackers would gain access through a phishing email that would deploy malware when an unwitting employee clicked on a link. The malware would then encrypt company servers, and the extortionist would offer decryption keys in exchange for a ransom — typically in the five or sometimes six figures.
Many times, the threat actors didn’t even gain access to company information — and sometimes they didn’t even know which company would be the ultimate target. They merely looked for systems to exploit and waited for the payday. Once the ransom was paid — via Bitcoin or other cryptocurrency — the hackers would send decryption keys so the company could regain access to its servers, and would even promise not to target the company again.
The game has changed more recently — and has become a massive business for those who perpetrate these acts. According to Hiscox, Ltd., 43% of the more than 6,000 companies it surveyed had suffered a cyberattack in 2020 — up 38% in the 12 months before — and one in six of those attacks was a ransom attack. In 2020, the amount of ransom demanded grew to the mid to high seven-figure range. At the end of 2020 and into 2021, we have seen some ransom demands reaching into the tens of millions of dollars.
In addition to the higher demands, the methodology has changed. Attacks are focused on exfiltrating company information — and the more sensitive, the better. These threat actors, who are often highly organized criminal organizations in eastern Europe and elsewhere, have done their research. They understand the company’s financial picture, the industry in which it operates, and how to exploit the company to maximum effect. In addition to deploying malware to encrypt company systems — targeting even the backup systems that are in place — the threat actors conduct reconnaissance of company files, ultimately exfiltrating large amounts of data, a terabyte in many instance