According to a recent survey of CISOs and CSOs, ransomware is the cybersecurity concern that is keeping them up at night in 2021. Sure, all those other cyberthreats are scary, but ransomware’s high potential for destruction and disruption places it firmly at the top of the list for almost half of the executives surveyed.

Ransomware hit hard in 2020, and security experts are predicting 2021 will be even worse. Ransomware operators are refining and evolving their strategies, making attacks more damaging, more targeted, and more difficult to detect before it’s too late.

To help you better prepare for what could turn into a brutal year for cyberattacks, we’ve compiled a list of five ransomware tactics we expect to see a lot more of in 2021.

1. Secondary Extortion

Once content to simply encrypt your data and hold it for ransom, today’s ransomware operators often steal the data first, then encrypt it. This gives the criminals a second leverage point by threatening to expose the stolen company data online if the ransom isn’t paid.

Maze ransomware operators were the first to use this tactic in 2019, publishing the stolen data on their website. More recently, REvil is letting interested parties buy the stolen data from their website.

Other ransomware gangs, such as the Ragnar Locker Team, are taking a novel approach to secondary extortion with a social pressure strategy that includes running Facebook ads to shame the infected company into paying up.

2. Legitimate Tools Used to Bypass Cybersecurity

Certain common tools and applications, such as those used for penetration testing and ethical hacking, can create weak spots in your cybersecurity perimeter. These applications don’t harm systems directly, but they do make it easier for cybercriminals to introduce exploitable code.

This tactic is particularly disturbing because threat detection software is unlikely to flag these applications as problematic. Once the hacker gets past the guards, they are free to explore your systems and find additional vulnerabilities to exploit.

3. Ransomware Gangs and Increased Collaboration

In other disturbing news, ransomware operators have started teaming up and forming gangs to target large corporations. Working together rather than in competition, ransomware gangs share code, infrastructure, and other resources to exfiltrate sensitive financial data and intellectual property many organizations would pay a lot not to lose.

As these gangs become more sophisticated, the time between infiltration and encryption is getting shorter, so detecting a breach quickly—or, better yet, preventing it—is critical. Many of these attacks can be prevented by staying up to date on security patches, yet many companies still fail to make patching a priority.

4. COVID-19

Because a global health and economic crisis wasn’t enough for businesses to worry about, ransomware operators added themselves to the mix by targeting healthcare organizations and COVID-19 research facilities.

A year into the coronavirus pandemic, many employees continue to work from home at least part time. The remote workforce has expanded security perimeters outside the safe confines of company firewalls, creating a vast number of new and unknown vulnerabilities.

Cybercriminals are taking full advantage of less-secure home networks, remote access weak spots, and distracted workers falling for pandemic-themed phishing campaigns.

5. Wide Range of Ransomware Business Models

As in traditional, non-criminal industries, different ransomware operations are classified by size and level of influence—and the range is growing as more operators enter the ring.

Security software leader Sophos has divided ransomware operators into weight classes based on their preferred targets:
Heavyweight: Attack large enterprise networks
Welterweight: Attack public safety and local government organizations and small-to-medium businesses
Featherweight: Attack individual computers and home users

In 2021, we will see both ends of the ransomware spectrum grow, evolve, and cause a lot of expensive headaches. The big guys, like Ryuk and Ragnar Locker, are getting better at extorting money from giant corporations and healthcare systems with leakware attacks. The smaller, entry-level operations like Dharma are turning to ransomware-as-a-service to make the dream of running your own ransomware attack possible for everyone. In between, there is plenty of opportunity for mid-size ransomware gangs to shut down a public school system or disrupt federal government services.

We will be dealing with the fallout from 2020 for a long time, but we can take the lessons we learned and apply them to prevent similar crises in the future. Cyberthreats are getting bigger and bolder, and we have to proactively address our known and unknown vulnerabilities as we navigate the next chapter.

In 2021, it’s more important than ever for businesses to implement a multifaceted defense that covers everything: endpoints; servers; public, private, and hybrid cloud; email; network gateways; and secure backups.

Download Your Guide to a Ransomware-Free Future to learn how to create a cybersecurity and data protection plan that will evolve to meet new and emerging ransomware attack strategies.

Download Your Guide to a Ransomware-Free Future