2020 was a year of rapid evolution in the threat landscape, especially in ransomware, where threat actors had huge success in exploiting their targets. Stepping into 2021, enterprises must watch out for ransomware attacks, an exercise that will enable them to secure their infrastructure in times of crisis.
In 2020, many enterprises failed miserably at controlling ransomware attacks and were crippled by their evolving nature. One of the main factors behind the surge in cyber-attacks was enterprises failing to secure their infrastructure and touchpoints while adopting the remote working model.
2020 was a great year for cybercriminals, who took advantage of vulnerabilities that enterprises ignored. Many industries are still dealing with the disruption imposed by the evolving ransomware attacks. “While all organizations remain at risk in part due to the work from home, I believe healthcare will be the most targeted industry in the next year,” says Drew Daniels, CIO & CISO of Druva. He further adds, “In 2021, ransomware will target healthcare even more so than in 2020. As R&D organizations scramble to find a vaccine for the COVID-19 pandemic, ransomware threat actors will similarly be scrambling to make a profit even more so than before.”
The evolution in ransomware has given rise to attacks that steal sensitive data by leveraging highly sophisticated techniques. Experts predict that if enterprises fail to invest in cybersecurity and make it their priority, the attacks will only worsen. According to John Ayers, Chief Strategy Product Officer, Nuspire, “The shift in how we do business because of COVID-19 will have lasting effects on security. We will see more Target breach scenarios and breaches of over 1 million records, which will increase breach fatigue among consumers.”
Hence, to put a stop to the emergence of ransomware attacks, or at least minimize their impact, enterprises must watch out for some specific threats.
Maze is currently one of the biggest ransomware threats in the enterprise landscape. It was discovered in May 2019 by Jerome Segura, who first named the attack “ChaCha ransomware”. The hacking group behind it is infamously known for using exploit kits such as Fallout and Spelevo to deploy the Maze attacks.
The Maze ransomware discloses sensitive information to the public by using a set of methodologies. It encrypts all the files, and the hacker group demands a ransom to recover them, threatening to release the data on the internet if the victim fails to pay.
A file-blocking virus, REvil encrypts its victim’s files after it succeeds in infecting the system, then sends a message explaining that it requires a ransom in Bitcoin. If an organization fails to pay the ransom in the given timeframe, the demand is doubled.
Ryuk is among the largest players in the ransomware family. A type of crypto-ransomware, Ryuk uses encryption to block access to a file, device or system until the demanded ransom is paid.
Ryuk is infamous for using malware such as TrickBot, or Remote Desktop services, to gain unauthorized access to its victim's system. It then uses military-grade algorithms such as RSA and AES to encrypt files, using a key for each executable.
Tycoon ransomware was discovered recently and is written in Java. In recent events it has targeted several enterprises across various industries, from software to education and many more. The ransomware is unusual in that it takes the form of a Trojanized version of the Java Runtime Environment. It is compiled into ImagJ, a Java image format, to carry out its malicious activities.
In 2020, the attack increasingly targeted Windows and Linux, using the Java image format as part of its attack process. The ransomware uses different approaches that help it hide from its targeted victim.
The surge in the above ransomware attacks has only been possible because enterprises failed to implement cybersecurity guidelines. They have instead been investing their resources in keeping their businesses afloat, a monumental mistake!
2020 has shown enterprises the consequences of neglecting effective preventive measures. Hence, before stepping into 2021, it is necessary for them to start implementing cybersecurity practices and follow them religiously.