12 January 2021

The five trends driving ransomware tactics

Ransomware attacks continued to increase in 2020, and 2021 looks set to follow the trend. Unfortunately, the past 12 months have seen substantial evolution in ransomware tactics, as attackers look to improve their results.

In this post we look at 5 key ways this critical cyber threat is evolving.

Cost is increasing

Ransom demands are increasing: in 2018 the average ask was $5,000; by 2020 it had increased to $200,000. Even multi-million dollar ransoms are becoming common: November saw Campari hit with a $15 million ransom, and earlier in the year US law firm Grubman Shire Meiselas & Sacks received a massive $42 million ransom.

Even insurance companies are feeling the pinch, with loss ratios (in the US) increasing from 35% to 45%, and some companies starting to require increased assurance for cover, or even getting out of the ransomware cover business altogether.  

With that kind of ramp up, ransomware is becoming a serious financial risk.

Data exfiltration an expected add-on

As companies are learning to keep back-ups to recover from a potential ransomware attack, threat actors are learning to adapt their attacks. Increasingly, data exfiltration is part and parcel of ransomware attacks, putting pressure on companies to pay a ransom not just to unlock their system, but to ensure that stolen data is not sold or made public. Ransomware has always been about profit, and it looks like threat actors are finding new ways to milk a single data breach.

One hack, multiple victims

The flow-on of this tactic is that, not content with simply holding a company to ransom, criminals have started to hold the customers and clients of their corporate victims to ransom as well. A particularly worrying example of this is patients of a Finnish psychotherapy centre being told they could pay €500 to have their records unpublished from the dark web.

No-go zones are gone

Hackers have learnt that different industries have different vulnerabilities, and there has been a consequent growth in the number of industries being targeted by ransomware. There was a time when healthcare and other critical systems were off-limits, even to ransomware attackers. Sadly, this is no longer the case, with a spate of attacks on the US hospital system and an attack on a Thai hospital just in the last few months.

This trend shows that the callousness of ransomware threat actors is increasing, and the ‘innocent lives’ line in the sand is being washed away.

Ransomware attackers love the limelight

It seems that public gloating is not just the preserve of movie baddies. Lately there have been several examples of ransomware groups advertising the success of their hacks in order to put more pressure on their victims to pay the ransom. The aforementioned ransomware attack on Campari, and the Facebook advertising of it, is one very public recent example, but it’s not the only one. Traditionally companies have liked to control the story on cyber-attacks and data breaches, but even if you pay up, there’s really no guarantee that the hack won’t be publicised by the attackers.

Photo credit: Pietro Jeng on Unsplash.