2020 Cyber Attack Trend: Ransomware

2020 saw ransomware demands reach $40 million. What is ransomware, who did it target the most in 2020, and how can we defend against it?

Ransomware attacks hit hard in 2020, particularly the professional services, healthcare, and technology industries. According to Kroll, ransomware accounted for one-third of all cyber incidents and continues to evolve.

Ransomware is an attack in which a malicious actor infects or takes over a device or network with malware and demands a ransom to restore functionality. It’s a tried, true, and lucrative method of making money for hackers, who only need traditional hacking tools, malware, and phishing to compromise a network. Ransomware typically relies on phishing, because attackers can distribute infected email to numerous targets with little effort or cost. Even if only a small fraction of 500,000 recipients fall victim to a scam, it’s still extremely profitable for hackers, who rely on automation and bots to keep labor costs down.

In a traditional attack, a user receives an email message with a malicious attachment. When opened, it installs malware that encrypts data on the computer and any connected network drives. Short of paying the ransom in bitcoin, the only way to recover the data is to restore all files from backup. While backup restoration works in some cases, not all organizations can afford the investment of time and money: days of downtime and thousands of dollars in lost productivity. Others don’t have dependable, current backups to rely on and have no choice but to pay the ransom.

Garmin, for instance, is reported to have paid a multi-million-dollar ransom in 2020 to restore its files and systems. Carnival, the world’s largest cruise ship operator, experienced a ransomware breach that exposed customers’ personal information. Possibly the most shocking ransomware story of the year involved automotive giant Tesla: an honest and fast-acting employee turned down a $500,000 bribe, thwarting the attack.

To protect against ransomware attacks, organizations must develop a strong culture of security awareness. Phishing attacks are prominent and sometimes difficult to detect, but with regular training, employees will be able to identify and report them much more easily. Companies in every industry, and of all sizes, should develop strong information security programs, including plans for remediation and user education, to avoid becoming ransomware victims. Performing annual vulnerability and penetration tests and implementing multi-factor authentication to limit system access can also go a long way in the fight against ransomware.