Ransomware 2021 has evolved. Are you keeping up with network security?


As we head deeper into 2021, it’s beginning to feel like there’s a light at the end of the tunnel and we can all take a deep breath. 2020 was a tumultuous year, one marked by a global pandemic, natural disasters and civil unrest. Last year also saw a record number of cybercrime complaints, with the FBI receiving a record-breaking 791,790 reports totaling over US$4.2 billion. While there is optimism that we’re rounding the corner on the pandemic, it’s not the time to become complacent about cybersecurity.

Specifically, ransomware cyberattacks exploded in 2020, taking advantage of the unique circumstances brought on by the pandemic. In 2020, cybercriminals particularly took aim at healthcare, educational institutions and local governments with ransomware. The attack on Blackbaud, a cloud computing vendor that provides services for nonprofits, foundations, corporations, education institutions, healthcare entities, and change agents, is estimated to have impacted more than two dozen providers and well over 10 million patients.

Institutions such as the University of Utah and Michigan State University were also targeted by bad actors. While the University of Utah paid over $450,000 to prevent information from being released on the dark web, Michigan took another approach and refused to pay the ransom, despite threats to release student records and financial documents.

Attacks on local governments such as Tillamook County, Ore., The City of Lafayette, Colorado, and La Salle County, Ill., limited access to documents and critical information, with ransom or recovery and mitigation costs ranging from $300,000 to approximately $500,000.

According to CISA (Cybersecurity & Infrastructure Security Agency), “ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable.” The attacker then demands a ransom in order to release the locked-up system, or threatens to publish the data, including personal information and company data, if the ransom isn’t paid.

These cyberattacks are typically carried out using a misleading file or link disguised as a legitimate file. The unsuspecting user then downloads or opens the malicious file, unleashing the attack. Attackers count on these unsuspecting clicks and other lapses of judgement; it’s been estimated that 95% of cybersecurity breaches are caused by human error.

As we settle into 2021 with guarded optimism, it’s important that companies don’t turn their backs on cyberattacks, as they are ongoing and there’s no vaccine for them. While dealing with everything else that 2020 brought, companies did appear to be aware of the increase in cybercrimes. As Untangle’s 2020 SMB IT Security Report shows, 75% of respondents said that recent security breaches and ransomware attacks in some way affect the way they view their security roadmap.

While companies are aware of the prevalence of cybercrimes, there are still barriers to implementing the right network security solutions. Budget constraints and resources top the list of hurdles, with almost 65% of respondents to Untangle’s 2020 SMB IT Security Report saying their IT security budget is less than $5,000. Compounding those barriers, according to almost 25% of respondents, are employees who don’t follow network security policy and rules and can take down a system with a click.

Not only are malicious attacks continuing, but they’re also becoming bolder and more sophisticated, and they target people’s fears. Ransomware is evolving and being tweaked by its developers, making it harder for antivirus programs to detect. The 2021 versions of ransomware are AI-fueled attacks, some of which are now developed to go after entire networks. Bad actors are also capitalizing on the pandemic with phishing scams centering around the Covid-19 vaccine and luring victims to click. Finally, attackers are also demanding more money and, in some cases, enacting a double extortion threat after the initial ransom is paid.


What can businesses do to protect themselves from ransomware attacks?

  1. Develop a cyber incident response plan.
  2. Block ransomware using technology such as a Next Generation Firewall, which scans all network traffic for ransomware, and blocks it before it can get a hold on devices.
  3. Continually train and remind employees on how to recognize attacks and of the correct actions to take to avoid activating ransomware attacks.
  4. Ensure your network is designed to isolate and minimize a ransomware attack. Segregate networks by setting up separate networks for different types of usage and/or roles. For example, have a guest network that is completely separate from the main network.
  5. Back up your data. If your data is backed up, even if ransomware cripples the network or requires a complete reinstall on devices, a backup can revert the machine to the data it had on it the day before the attack, minimizing losses.
  6. Keep your operating system up-to-date and apply patches when they’re released.
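
One way to verify the segregation described in step 4 is to audit the firewall's forwarding rules for any path from the guest network into the main network. The following is an added example, not part of the original article; the rule format (action, source, destination, evaluated first-match), the subnets and the function name are all constructed assumptions.

```python
import ipaddress

# Constructed sample networks (assumptions, not from the article).
GUEST = ipaddress.ip_network("192.168.50.0/24")
MAIN = ipaddress.ip_network("10.0.0.0/16")

# Constructed rule sets: (action, source CIDR, destination CIDR), first match wins.
WEAK_RULES = [
    ("accept", "192.168.50.0/24", "0.0.0.0/0"),  # meant for internet access only
    ("accept", "10.0.0.0/16", "0.0.0.0/0"),
]
SEGREGATED_RULES = [
    ("drop", "192.168.50.0/24", "10.0.0.0/16"),  # guest may never reach main
    ("accept", "192.168.50.0/24", "0.0.0.0/0"),
    ("accept", "10.0.0.0/16", "0.0.0.0/0"),
]


def leaking_rules(rules, guest=GUEST, main=MAIN):
    """Return accept rules that let guest-sourced traffic reach the main network.

    Conservative: a drop rule only shields later rules if it covers the whole
    guest -> main flow; partial drops are ignored, so findings may need review.
    """
    leaks = []
    for action, src, dst in rules:
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        # Skip rules that cannot match any guest -> main packet.
        if not (src_net.overlaps(guest) and dst_net.overlaps(main)):
            continue
        if action == "drop":
            if guest.subnet_of(src_net) and main.subnet_of(dst_net):
                break  # everything guest -> main stops here
            continue
        leaks.append((action, src, dst))
    return leaks


if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("segregated", SEGREGATED_RULES)):
        findings = leaking_rules(rules)
        print(f"{name}: {len(findings)} rule(s) allow guest -> main")
        for rule in findings:
            print("   ", rule)
```

The weak rule set shows a common mistake: an "allow guest to anywhere" rule written for internet access also matches the main network unless an explicit drop precedes it.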

While 2021 may bring some positives, it’s not the time to relax regarding ransomware attacks. However, with knowledge, preparation, technology and training, companies can be prepared for what’s next.