Ransomware in 2021 – new threats and trends

Ransomware is a major threat to businesses, enabling cybercriminals to effectively lock up a business’s files or IT systems via encryption and demand payment for them to be released.

Cybercriminals were quick to leverage Covid-19 as a way to target their attacks, and these are getting more sophisticated, more destructive, and harder to detect. A recent report found that global ransomware attacks saw a huge increase in 2020, growing 485% compared to 2019.

To help you better protect your business, we’ve compiled this useful list of the latest ransomware tactics and trends.

What is ransomware?

Ransomware is a form of malicious software (malware) that encrypts files and documents on anything from a single PC all the way up to an entire network, including servers.

Some ransomware infections start with someone clicking on what looks like an innocent attachment that, when opened, downloads the malicious file and encrypts the network. Often a ransomware attack will be followed up with demands for money.

New threats and tactics

  1. Clop Ransomware

Clop is malware that encrypts your files and demands a ransom payment to have them decrypted. It’s usually sent via spam emails, and encrypted files will have a .Clop extension.

It is one of the most dangerous forms of ransomware because it is cleverly designed to evade detection by commonly used anti-virus software.

To mitigate the risk of infection by Clop ransomware, you can: use multi-factor authentication (2FA/MFA) to control access to your applications; train all staff to recognise the typical signs of a phishing email; and use an email protection service such as Mimecast to stop spam emails before they hit employee devices.

Your IT team or service provider might also use a monitoring system designed for malicious threats like Clop ransomware. These systems use smart technologies such as machine learning to detect threats in real time.

  2. Fake Updates

Fake Updates is a new strategy that cybercriminals are using to trick users into installing bogus software updates on their devices. They will send fake emails asking you to install an update, but as soon as you do, you open the door to hackers.

When installed, the ransomware encrypts your files and demands that you pay an amount of money to the hackers. The worst part is that this program is not easily detected by many anti-malware products.

As well as the security measures covered for Clop ransomware, you can also take a few simple steps such as only downloading apps and updates from well-known app stores. If you get a notification to download a new update, check with your IT team to verify it. Also, try to avoid installing too many apps – stick to a few that you use most often.

  3. RaaS (Ransomware as a Service)

Ransomware as a Service has become increasingly common. This new trend has seen cybercriminals offering their ransomware operations, from delivery all the way through to taking ransom payments, for hire as a service. It means cybercriminals can use powerful ransomware tools in the same way as legitimate software is used under licence – paying a fixed monthly fee, or sometimes in return for a share of the illegal profits.

These kinds of services are a reason why the number of attacks is on the increase, and businesses should be extra vigilant.

  4. Double ransomware extortion

Tactics are evolving, and since last year more cybercriminals have been using a double extortion strategy, which involves stealing sensitive data and threatening to publish it on the internet or, in some cases, to release it to the press. This adds pressure on the victim to pay the ransom.

With this new type of threat, keeping systems updated has never been more important. It is also vital that your business has a security strategy that includes the use of data loss prevention tools. These tools can stop the extraction or encryption of the data which initiates these double extortion attacks.

  5. Delayed encryption

During this type of attack, ransomware operators find an “in” to a system, but don’t reveal they are there or encrypt data immediately.

This gives the malicious programme time to poke around and go deeper into the company network. Hackers can gain access to highly sensitive business data, which can be used to demand a larger payment.

The other major problem with this tactic is that the longer the ransomware goes undetected, the greater the chance it will be added to the system backup. This means the backup you carry out to protect your business becomes useless for recovery efforts. Cybercriminals know that there is a much greater chance of payment if you don’t have a backup to revert to.

Protect your business against ransomware

Having a regular and frequent backup process in place and using a backup technology that is ring-fenced and uses intelligent technology to protect different versions of your data can limit the damage caused by a ransomware attack significantly, as encrypted data can be restored without paying a ransom.
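The delayed-encryption problem and the value of keeping multiple backup versions can be made concrete with a short script. This is an added example, not part of the original article: the manifest layout, file paths, dates and the placeholder implant hash are all constructed assumptions. It picks the newest backup taken before the ransomware first appears, and shows what happens when too few versions are retained.

```python
from dataclasses import dataclass

# Constructed values for illustration only; not real indicators.
IMPLANT_SHA256 = "PLACEHOLDER_IMPLANT_SHA256"  # hash identified during incident response
ENCRYPTED_EXT = ".clop"                        # extension the article says encrypted files carry


@dataclass
class Snapshot:
    taken: str   # ISO date of the backup run
    files: dict  # path -> content hash recorded in the backup manifest


def findings(snap):
    """Reasons this snapshot is unsafe to restore from (empty list = clean)."""
    out = []
    for path, digest in snap.files.items():
        if digest == IMPLANT_SHA256:
            out.append(("implant", path))
        if path.lower().endswith(ENCRYPTED_EXT):
            out.append(("encrypted", path))
    return out


def last_clean_snapshot(snapshots):
    """Newest snapshot taken before the first contaminated one, else None.

    Stopping at the first hit matters: a later snapshot can look clean
    if the attacker deleted the implant, yet still hold attacker changes.
    """
    clean = None
    for snap in sorted(snapshots, key=lambda s: s.taken):
        if findings(snap):
            break
        clean = snap
    return clean


# Constructed backup history: implant lands on 03-15, encryption on 03-29.
DOCS = {"share/report.docx": "h1", "share/budget.xlsx": "h2"}
IMPLANT = {"users/public/updater.exe": IMPLANT_SHA256}
HISTORY = [
    Snapshot("2021-03-01", dict(DOCS)),
    Snapshot("2021-03-08", dict(DOCS)),
    Snapshot("2021-03-15", {**DOCS, **IMPLANT}),
    Snapshot("2021-03-22", {**DOCS, **IMPLANT}),
    Snapshot("2021-03-29", {"share/report.docx.Clop": "x1", "share/budget.xlsx.Clop": "x2", **IMPLANT}),
]

if __name__ == "__main__":
    print("restore from:", last_clean_snapshot(HISTORY).taken)
    print("with 3-snapshot retention:", last_clean_snapshot(HISTORY[-3:]))
```

With the full history the restore point is the 8 March backup; if only the last three versions are kept, every retained copy already contains the implant and no clean restore point exists.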

You should also complete operating system and any software updates as soon as possible. Software updates usually contain patches for security vulnerabilities and need to be installed as soon as they’re made available. Speak to your IT team or service provider about installing automatic updates whenever possible to streamline this process.

At the bare minimum, antivirus solutions and firewalls can help to block ransomware, but for additional protection, you should consider advanced threat protection solutions to improve ransomware detection and blocking capabilities.

In 2021, it’s more important than ever for businesses to have a strong defence that covers everything from the cloud and email to your backups. For more information on how to protect your business, download our free e-book – The Business Guide to Ransomware here.

Or contact us at info@auratechnology.com to speak to one of our experts.