Ransomware 2020: Notable Attack Trends
2020 has been a strange year: an unpredictable election in the USA, wildfires across many countries, and (of course) the pandemic. While it’s lesser-known to the public than the aforementioned events, in the world of cybersecurity, the pandemic has led to a rapid and dramatic increase in the number of successful cyberattacks. Many analysts have worried that this will add to the economic devastation the virus has already caused to the global economy.
And yet, the more things change, the more they stay the same. As we pointed out during cybersecurity awareness month, and in our threat bulletin for 2020, most of the attacks we saw in 2020 were similar (or at least of a similar type) to those of recent years. Ransomware, in particular, is slowly becoming the number one threat for businesses of all sizes, and this trend has continued in 2020.
In this article, we’ll take a look at how and why the ransomware threat is growing and developing, and what it could mean for cybersecurity as we go into 2021.
The Rise of Ransomware
The clearest trend, when it comes to ransomware, is this – that it’s on the rise, and looks set to become an even bigger menace in future years. We’ve seen increases in the number of ransomware attacks every year for a decade now, and this form of attack only seems to get more “popular”.
That’s not to say that the ransomware threat isn’t evolving and becoming more sophisticated. As we detail in our report on the state of ransomware in 2020, both the infiltration vectors and mechanism used in these attacks is diversifying quickly. Phishing has long been the primary means for loading malware onto target machines, for instance, but the rise of remote working in the past year has also led to an increased number of attacks on Remote Desktop Protocol, a system which had a poor security record to begin with.
The types of devices exposed to ransomware is also diversifying. Today, more than 50% of business computing devices are mobile, and many enterprises have also seen huge growth in their Internet of Things (IoT) infrastructure. These changes are now posing new challenges to enterprise network security, particularly as cybersecurity engineers try to secure their endpoints in BYOD environments.
The trends we’ve mentioned above will be familiar to system administrators and network engineers in the private sector. However, in 2020 we’ve also seen that ransomware has started to affect systems and organizations far outside private enterprise.
One of the most worrying trends of 2020 has been the increased level of ransomware attacks against the healthcare sector. In 2020 alone, more than 750 healthcare providers were impacted with collective recovery costs nearing $4 billion.
These attacks came in multiple variants, and used varying mechanisms. Wood Ranch Medical in California, as an example, closed its doors after management came to the conclusion that it would be impossible to rebuild electronic patient medical records following a devastating ransomware attack.
Threat actors are also double-crossing ransomware victims by exfiltrating their encrypted data. Last December, Canadian firm LifeLabs paid a ransom to recover personally identifiable information for nearly fifteen million patients.
This trend is particularly concerning because many organizations in the healthcare sector are simply unprepared for the sophistication of these threats. In other words, hackers in 2020 know a soft, inexperienced target when they see one, and it appears that the healthcare industry is now becoming one of their favorite victims.
A final trend of ransomware for 2020 is less obvious than increased attack levels or the targeting of new industries. This is that ransomware hackers in 2020 appear to have a new-found confidence in their activities and in their ability to escape punishment for their crimes. This should be easy to believe when you consider that it takes an average of six months for enterprises to realize that they have even been hacked in the first place.
In 2020 we saw a number of state-sponsored cyberattacks that were easily traced to specific perpetrators, and which were also all but admitted to by them. This year, in fact, we might have seen the future of cyberwarfare: a world in which states are free to target each others’ economic infrastructure without fear of the consequences.
This lack of fear has also translated into the world of ransomware. Ransomware as a service is now an accepted part of the threat landscape, and the “sector” is growing in popularity. Similarly, there are worrying signs that the widespread move to smart cities in the West will leave critical infrastructure open to attack.
Up until now, smart cities had been protected by one of the unwritten rules of hackers – that civilian infrastructure was off-bounds. With states targeting each others’ energy and commercial infrastructure, it is only a matter of time before we see a successful, high-profile attack on a smart city.
Let’s not overstate the risk, however. While it’s true that ransomware is on the rise, and that we see more successful attacks each year, there are also signs that enterprises and consumers are better prepared for them than ever before. The smartphone security market is booming, for instance. This is why there is now a widespread acceptance in many sectors that secondary, encrypted backups of all mission-critical data must be kept in order to counter the threat of ransomware.
These are encouraging signs. Ultimately, however, a more comprehensive and nuanced approach to cyber risk management will be needed if they hope to survive and continue delivering quality care. BlackBerry stands ready to help, offering the cybersecurity solutions and consulting services healthcare organizations need to transition seamlessly from a reactive to a prevention-first security posture. Read on to learn more.
Find out more about the BlackBerry MSSP Partners Program here.