Security investigators noticed that there was huge increase in the number of ransomware attacks during 2020. According to their findings, the attacks is 7 times more of those that took place last year.
Ransomware attacks are becoming more and more common dangerous in recent years, as cybercriminals mainly target corporate networks, lock them in and demand ransom (often in bitcoin) in order to give the decryption key. A single attack can bring on hackers hundreds of thousands or even millions of dollars.
The criminals most likely take advantage of the new working conditions, where most people work from home. The remote work is associated with an increase in ransomware and other attacks.
However, the most worrying thing is not the increase in attacks, but the development their. The hackers they use new techniques. Some forms of ransomware have disappeared and new ones have appeared. Many of the new ransomware are even more dangerous.
Liviu Arsene, a security researcher at Bitdefender, said many of the ransomware released last year have been restricted. The best known of the new ransomware (which appeared in 2020) are not the same ones that dominated last year.
For example, one of the most popular ransomware during 2019 was GandCrab. However, in the middle of the year, its operators stopped using it, saying that they "took a fortune" from their attacks.
Since then, many other ransomware have appeared. One of them is Sodinokibi (Revil), which is used in highly targeted attacks on big corporate networks and has brought to its operators large sums of money.
In recent months, the hackers steal data before encrypting systems in order to display them on the internet if the victims do not pay the ransom. This tactic works as a form of pressure, and it shows in the future victims what to do if they do not want their data to be leaked.
"If they do, they set an example for everyone else who is infected. Those who do not pay, see them data exposed to them and face a fine in relation to the GDPR. Anyone who gets infected afterwards will see that the attackers are serious", Arsene explained.
The researchers also said that while most of the time we deal with ransomware attacks by specialized gangs (eg Sodinokibi and DoppelPaymer), the ransomware-as-a-service continues to be a problem with ransomware families like Zepto and Cryptolocker to target organizations around the world.
Although these forms of ransomware are (usually) not as advanced as the "big" ransomware, their availability service”Allows even in "low-level" attackers to carry out attacks and make money targeting small and medium-sized businesses.
Ransomware remains one of the biggest threats to them organizations and businesses of all kinds, but there are some simple steps that can be taken to reduce the chances of a successful attack.
Η regular system updates is necessary so that the hackers exploit known vulnerabilities to gain access to the network. Also, organizations need to implement multi-factor authentication.
Finally, one of the most important measures to deal with ransomware attack is make copies security, so that if the systems are encrypted, the data can be recovered.