Evolving ransomware attacks will grow in frequency and sophistication in 2021

Published: Wednesday, 06 January 2021 09:27

Successful ransomware attacks will continue to grow this year due to increasingly sophisticated tactics. This is according to research from Databarracks, which reveals that ransomware attacks on UK businesses have increased by 26 percent since 2018.

According to Peter Groucutt, managing director of Databarracks, new ransomware tactics deployed by criminals will result in more successful attacks on organizations in 2021:

“Ransomware is evolving. Cyber-criminals are deploying more sophisticated and innovative ways of extorting businesses and evidence shows this will escalate over the coming year. Outright prevention of ransomware is impossible, but it’s important organizations learn from the new methods used by criminals in order to defend themselves.”

Examples of the ransomware tactics now being deployed by criminals include:

To mitigate ransomware threats, Groucutt says: “More companies will pay ransom demands, as the sophistication of attacks increases. But paying a ransom does not guarantee you will get your data back. The only way to secure your data is to have reliable backups.”

Groucutt continues, “You must assume that you will suffer a successful attack. From that position, you have two objectives: to quickly detect and respond to limit its reach and to bring systems back online and have the business operational as quickly as possible. It’s critical your incident response team or crisis management team has the authority to make large-scale, operational decisions to take systems offline to limit the spread of infection. The business must then find when the ransomware installation occurred in order to restore clean data from before the infection. Once the most recent clean data is identified you can begin a typical recovery, restoring data and testing before bringing systems back online again.”

Groucutt concludes by saying, “This response is contingent on having good backups so it’s vital that they are protected. Firstly, there must be an air gap between your production systems and your backups to prevent ransomware infecting both. Backups should be outside the network domain and you should keep copies in multiple locations or even separate clouds. You can also make your cloud storage immutable to prevent backups being changed by ransomware.”