State of Ransomware in 2021

In our previous blog on ransomware, we demonstrated how the ransomware trend has gone up during the pandemic. Many new and older ransomware families have been detected targeting victims in the wild. This blog further illustrates the state of ransomware in 2021. 

Overview

Ransomware is spreading beyond the realm of cybersecurity. It’s all over the news these days. It has grown in popularity as cybercriminals increasingly target critical infrastructure providers that cannot afford any delay or disruption from a cyberattack, such as financial and transportation corporations, as well as power and healthcare networks.

Furthermore, according to a study, the fastest-growing type of cybercrime will target a business, consumer, or device every 2 seconds by 2031.

Attack Vectors Used In Ransomware Attacks

Although end users are gradually gaining awareness about phishing tactics used by threat actors, phishing emails still continue to be the most popular attack vector in cyber attacks. Several attack vectors were used in the Ransomware attacks in 2021. Of these, file downloads from malicious emails topped the list of ransomware attack vectors used by cybercriminals to harm organizations. 45% of attacks were conducted using malicious email attachments, and remote attacks on servers were seen in 21% of the attacks.

Also Read: Ransomware Attacks Surge in COVID19

Attack Vectors Trends — 2021

Apart from these attack vectors, Coveware tracked over time the usage of common attack methods used by attackers in ransomware attacks. It shows that in the organizations surveyed, the RDP (Remote Desktop Protocol) compromise was a major attack vector. Phishing emails were also used in a considerable number of attacks, whereas the exploitation of vulnerabilities was used in comparatively less number of ransomware attacks.

Attack Vectors By Company Size

Moreover, if we look at the company size, the RDP compromise seems to have been easier to achieve in smaller companies. 

As the size of a company grows, so do its cybersecurity measures and therefore large enterprises are hard to intrude through RDP compromise. On the other hand, as shown in the chart below, phishing emails were used in very few attacks targeting smaller companies, as they do not operate via lots of emails. As the size of the company grows, email becomes the standard mode of communication, and hundreds of emails are sent in enterprise environments per day. Therefore, phishing emails have become a popular attack vector for larger organizations..

Top Ransomware Observed — 2021

The top ransomware observed in 2021 include SNAKE, REvil, and Dridex. From these three, the most active in the region were REvil aka Sodinokibi. This can also be seen in the Rewterz Threat Intelligence Report 2021. 

Ransomware Attacks By Country — 2020

Moreover, ransomware attacks hit organizations in different countries to varying degrees. According to a comparative ransomware study across 26 selected countries, the following results have been obtained. 

As the survey includes countries from different regions, the highest number of organizations hit by ransomware in 2020  happen to be from India. 

Ransomware Attacks By Industry (2021)

In 2021, attacks on the government, education, manufacturing, and healthcare sectors are increasing continuously in frequency. 

Ransomware Attacks by Success Rate

What’s more concerning about these ransomware attacks is the fact that they have a high success rate of file encryption. Once a ransomware attack is successful, a confidentiality breach is a major risk if organizations choose not to pay the ransom amount.

Predicted Ransomware Damages

As the ransomware attacks get stealthier, causing more damages than ever before, cybersecurity experts estimate that the global costs will reach $20 billion by next year. This represents a significant increase above their previous estimates of $8 billion in 2018,  $11.5 billion in 2019, and $20 billion in 2021.

Vulnerabilities Exploited in Ransomware Attacks

2021 CVEs

In 2021, cyber attackers continued to target perimeter-type device vulnerabilities. Companies should prioritize patching for the CVEs listed below that have come under active attack thus far in 2021.

• Microsoft Exchange: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 
• Pulse Secure: CVE-2021-22893, CVE-2021-22894, CVE-2021-22899, and CVE-2021-22900
• Accellion: CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104
• VMware: CVE-2021-21985
• Fortinet: CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591 

Also Read: NetWalker Ransomware Exploits Vulnerabilities to Target Corporate Networks

Conclusion

Ransomware attacks are highly popular among cybercriminals because they allow them to make money illegally. Since ransomware attacks let cybercriminals make illicit financial gains, they are a common form of attack utilized by them. The trend line for ransomware attacks is always growing. Cybersecurity experts predicted that ransomware attacks will target businesses every 11 seconds. Hence, it is important to keep an eye on the latest ransomware attacks trends and techniques to avoid being on the headlines for an upcoming ransomware attack. It is also important to block the possible points of intrusion and minimize the risk of infection by limiting possibilities for the above-mentioned attack vectors. Moreover, it is crucial to utilize the latest threat intelligence regarding ransomware families to fortify your defenses against ransomware attacks. It is also advised that all susceptible assets be patched as soon as a manufacturer provides a patch to address a vulnerability.