What Are We Learning from 2021 Ransomware Attacks?

“What didn’t we learn in 2021?” responded Jerry Nguyen, Director of Security Intelligence and Analytics for Nuspire, when asked about his key takeaways for ransomware attacks in 2021.

Jerry, along with Nuspire’s Chief Security Officer, J.R. Cunningham, and Cybereason’s Chief Security Officer, Sam Curry, discussed their thoughts and shared compelling data on the current state of cybersecurity during Nuspire’s October webinar.

2021 has been, in a word, active. Especially when it comes to ransomware attacks.

“If you look at 2019, we used the term ‘ransomware epidemic’ a bit prematurely, but by 2020, it really took off,” said Sam. “Now in 2021, it’s industrialized. Ransomware is a business model.”

Why ransomware?

Ransomware isn’t a new tactic by any means, but it’s a lucrative one. In fact, 2021 has shown us that ransoms can get into the tens of millions of dollars – particularly among the easy targets where a halt in operations can mean life or death for the business or its end users (think hospitals).

Because ransomware leverages cryptocurrency for payment, which is unregulated and can’t be tracked, bad actors don’t experience consequences. Plus, given they target organizations that can’t afford to lose their data, they often encounter little resistance from their victims when it comes to payment.

“The small silver lining is that there’s an honor among thieves in the ransomware space,” said J.R. “Ninety-six percent of victims get their data back because these attackers know if they don’t release the data, no one will pay the ransoms going forward.”

What have we learned from 2021 ransomware incidents?

In 2021, critical infrastructure, IT companies and telecom continue to be the favorite targets of bad actors. There’s also a concerning rise in double-dipping, where the cybercriminals hold the company for ransom, receive their payment, but then extort the company again to prevent the sale of their data on the dark web.

In addition, there has been a lot of growth of cyber insurance programs to help protect companies against catastrophic financial loss from attacks; however, these programs are getting savvier by the day, and often require a deep dive into a company’s security posture before they’ll extend coverage. And even with coverage, it’s important to remember that a business isn’t fully protected.

“Cyber insurance isn’t enough to keep you safe – you also have to improve your security program,” said Sam. “It’s like paying for life insurance, but not having health insurance.”

What’s the future of ransomware?

“Gone are the days where a cybersecurity practitioner can leave the office on Friday and log off for the weekend,” said J.R. “The speed at which lateral movement occurs can render a business inoperable in minutes.”

That said, what can we expect for the future?

For one thing, the debate of whether to pay or not to pay will continue. Regardless, companies should prepare.

“It’s important to take a look at the business impacts of a potential ransomware attack and how much your company would be willing to pay (if anything),” said Sam. “Trying to figure it out when the attack occurs makes it much harder to clearly assess the situation.”

In addition, legal and insurance firms will become stricter on advice and payout of claims. They want to make sure a business is addressing all of its potential security weaknesses before entering into any agreements.

Finally, legislation and regulation of cryptocurrency and cybersecurity negligence will play an important role in how ransomware evolves. For example, legislation could make it illegal to pay ransoms, which could greatly affect ransomware’s future as a viable exploit.

What are the most effective ways to prevent a ransomware attack?

Prevention alone can’t protect you 100% (it’s important to combine prevention with faster response and recovery times for the exploits you can’t stop); however, you can dramatically reduce your ransomware risk by focusing on the following four things:

1. Endpoint Security (endpoint detection and response; patching)
2. Web & Email Security (email filtering; web filtering against known phishing sites; URL rewriting)
3. Financial Controls (multi-step approvals for wire transfers; additional verification for bank access)
4. Multi-factor Authentication (especially important or privileged accounts; easy to implement and great risk reduction)

Where can I access all the great info shared in this webinar?

J.R., Jerry and Sam covered a lot of important information in this webinar, including items not featured in this article such as their takes on the cybersecurity hiring environment, successful threat detection and response examples, how to leverage indicators of behavior (IOBs) to help isolate threats that look benign and more. Don’t miss any of the details – watch the webinar today.