By now, you’ve likely heard about ransomware. Perhaps you’ve read some of the stories hitting the news and are doing your best to keep safe. Here’s what you need to know in 2021.
1. Ransomware Attacks Are Rising
When we look at the attacks on Colonial Gas or the Irish healthcare system (HSE) and many others this year, it is apparent ransomware attacks are on the rise. Many organizations need to prepare or update their security plans to protect themselves.
According to a report from CyberEdge Group, ransomware attacks in 2021 have increased by 6% from last year. Many are wondering why the attacks continue to rise. One theory is that the percentage of victims paying the ransom and recovering their data is at its highest point, rising from 66.8% in 2020 to 71.6% in 2021.
How Does Ransomware Work?
Ransomware can enter your network in many ways that appear innocent, but once activated, it spreads throughout all connected devices, stealing data and encrypting files as it moves through the network.
One method of infiltration is known as social engineering. Victims are enticed into downloading malicious software from the web. Cybercriminals leverage what is called “malvertising” (malicious advertising) that activates malware executables once clicked, launching the ransomware.
Still, no matter the method, ransomware leaves a network devastated if the company is unprepared. It can take weeks or even months to restore everything to its original state.
2. Why Paying the Ransom Is a Bad Idea
Often, paying the ransom appears to be the fast and easy route to getting your data back, restoring your network, and getting back to business. Still, most experts warn that paying the hackers doesn’t necessarily guarantee you’ll regain access to the encrypted data. Besides, cybercriminals can still leak or sell your private information online.
Paying the ransom is a decision that businesses should make only after considering all the risks.
3. The Cost of a Ransomware Attack Is Increasing
A $12,000 payment to extortionists was an inconvenience a few years ago, but today ransom payment amounts are soaring. For example, the University of California San Francisco paid $1.14 million to recover its files. TechTarget says ransom payments have gone up by 43% when compared with the fourth quarter of 2020.
Meanwhile, the costs associated with removing ransomware are similarly large.
Since most businesses now survive on data, a company is in a black hole without access to its information. Customers are stranded, and everyday business processes are at a standstill.
Everyone wants the problem gone, which is why companies are more likely to pay.
4. Ransomware Attacks Fall Into Four Categories
![](https://thebetterparent.com/blog/wp-content/uploads/2021/06/dangerous-ransomware.jpg)
Tactics cybercriminals use in ransomware attacks may differ. Still, the ransom request is always present. There are four categories of ransomware you should know of to protect your systems.
1. Crypto Ransomware
The threat actors using this type of ransomware target the most valuable files on their victims’ systems and encrypt them. This prevents any access until the victim meets the hackers’ demands; the cybercriminals hold the decryption key until that time.
2. Locker Ransomware
Rather than encrypting its victim’s files, this type of ransomware locks an organization out of all related devices until the ransom demands are met.
3. Scareware
Scareware is not ransomware at all. It uses manipulation tactics that make users download or buy infected software. The threat operators also use it to distribute ransomware and fraudulent notifications that appear to come from law enforcement.
4. Leakware
Cybercriminals use this type of threat when they steal a business’s data. They will then threaten to publish it publicly if the ransom isn’t paid. Leakware isn’t specifically ransomware, but the methods used by the threat actors to extort businesses are similar.
5. These Are the Most Dangerous Ransomware Variants
![](https://thebetterparent.com/blog/wp-content/uploads/2021/06/5-Variants-Ransomware.jpg)
Ransomware attacks are doubling in number, according to security researchers: following the shift to remote working at the beginning of the COVID-19 pandemic, 2020 saw the number of attacks double.
Maze Ransomware
Security analysts initially called Maze ransomware “ChaCha ransomware.” It made its first appearance in 2019. Jerome Segura discovered Maze, and it is likely the most renowned ransomware threat.
After the ransomware encrypts all the files, its operators demand a ransom to recover them. It is infamous for its new approach to attacks, using various methods to publish its victims’ private data.
REvil Ransomware
REvil is distributed using several methods such as exploit kits, malicious spam emails, and RDP vulnerabilities.
In a message, the operators tell their victims that they must make a payment in bitcoin to get a decryption key. If the victim doesn’t pay in time, they double the ransom.
The REvil group has become renowned for its targeting of many prominent celebrities. It has also leaked their private information online.
Ryuk Ransomware
The Russian eCrime group called Wizard Spider operates Ryuk Ransomware. The ransomware uses a two-part system.
After leveraging a dropper to place the Ryuk malware on the victim’s system, the Ryuk executable payload encrypts the files. The Ryuk operators solely target large organizations that can afford high payouts in ransom fees.
Ryuk first made an appearance in August 2018 and was developed by Korean hackers. ZDNet lists Ryuk as one of the most profitable ransomware strains.
Tycoon Ransomware
Tycoon comes compiled in a Java image format, known as ImageJ, and attacks Windows and Linux systems.
Hackers leverage a trojanized form of JRE to spread Tycoon ransomware. Many say this is an odd method not observed in other types of ransomware. The ransomware disables anti-malware software once inside a network to remain undetected until its attack is complete.
NetWalker Ransomware
NetWalker first appeared in 2019 and was developed by a cybercrime group called Circus Spider. Like most other types of ransomware, NetWalker enters a network via a phishing email and proceeds to encrypt and exfiltrate private data that it holds for ransom.
The group also leaks some of the data online to show that they are serious, should a victim delay meeting their demands. In March 2020, the operators shifted to a Ransomware as a Service (RaaS) model to expand their affiliate network. The move is allowing them to operate on a much bigger scale.
The State of Ransomware in 2021
In 2021, protecting organizations against ransomware has become the focus for many tech teams. FBI Director Christopher Wray said the current onslaught of attacks is similar to the challenge they faced in the terrorist attack of 9/11. The good news is that many organizations and governments have now banded together to disrupt these criminal activities.