
    New Ransomware Trends Causing Fear in 2021

    eWEEK SECURITY ANALYSIS: One criminal group that recently launched several attacks managed to collect about 190 bitcoins, which at the current exchange rate is about $11 million. Because attacks can bring in such large sums, it is highly likely that the number of ransomware attacks will grow.

    By David Balaban - May 3, 2021

      In this article, we’re going to touch on the most visible ransomware-related trends that have impacted the threat landscape recently. Among them are attacks involving RDP (remote desktop), RAT (remote-access Trojan), threats faced by the health-care system, attacks on remote workers and other things.

      There’s no question that the most serious cyber threat in 2021 is ransomware. There are two main reasons for this:

      • The results of ransomware attacks are visible to everyone, and
      • this area of malicious activity brings cybercriminals really significant income.

      For example, a single criminal group that launched just several attacks managed to collect about 190 bitcoins, which at the current exchange rate is about $11 million. Because attacks can bring in such large sums, it is highly likely that the number of ransomware attacks will grow.

      The damage caused by ransomware already exceeds that caused by APT (advanced persistent threat) groups. In both cases, attackers access the organizations’ online resources using administrator rights and software vulnerabilities. They use various mechanisms to hide their activity and often steal valuable information. However, a ransomware attack also knocks out the entire infrastructure and disrupts or even halts business processes.

      Ransomware attacks in numbers

      • 51% of companies faced ransomware attacks.
      • 26% of companies paid the ransom to cybercriminals.
      • The average ransom amount in 2020 was $180,000 for big companies.
      • The average ransom amount in 2020 for small businesses was $6,000.
      • A set of software tools needed to launch a ransomware attack costs about $50 on the darknet.
      • A new ransomware attack is detected every 11 seconds.

      The income of APT groups that target financial institutions declined as money mules are unable to fully operate due to the pandemic. Therefore, these hacker teams began to partner with the owners of the ransomware, selling them the ability to access the networks of compromised companies.

      Another trend in 2021 is disclosing or selling sensitive data stolen from victims who refused to pay the ransom. Maze ransomware operators were the first to use this method. Later, it was picked up by other cybercriminal teams.

      One more trend that I continue to observe in 2021 is a decrease in the number of attacks aimed at home users. This happens because the effectiveness of ransomware in this segment is falling. For communication, home users now use mostly instant messengers. They are steadily moving away from email, which is the main channel of ransomware infections. In addition, their important data is backed up in the cloud automatically. Overall, the number of desktop PCs is decreasing while the number of mobile devices is increasing.

      Small and big businesses look much more attractive to ransomware authors. The income from attacking them is much higher. It is important to note that for many companies, the ransom payment is just one more expense that can also be covered by insurance. And hackers know the budgets of their victims very well. Pure business needs dictate the decision to pay the ransom. This decision does not carry an emotional connotation. So, all these factors cause the number of ransomware attacks against organizations to grow.

      Maze ransomware

      One of the most active ransomware families now is the Maze ransomware, which has become a trend-setter in its field. The owners of this malicious program devoted much time to their reputation and actively interacted with the media, commenting on rumors and refuting false information, thus achieving increased publicity. The group formed a pseudo-positive image, calling victims “clients” and offering them technical support. These cybercriminals also pledged not to attack medical institutions and organizations affected by the economic crisis.

      At the same time, Maze operators have created a kind of cartel with operators of other ransomware viruses, exchanging attack tactics and data stolen from victims. They spread their viruses through exploit kits, phishing emails, and the exploitation of vulnerabilities in Adobe Flash, VPNs, and web browsers.

      Other notable ransomware families: Phobos, Sodinokibi, Dharma, Ryuk, DoppelPaymer.

      Remote access Trojans

      Although phishing emails remain the main distribution channel, experts note an increase in the number of attacks using the RDP protocol and remote-access trojans (RAT).

      RAT programs are not talked about as much as ransomware, since their activity is usually not so visible. The key task of the Trojan is to secretly infiltrate the victim’s computer. Modern RAT programs have a modular architecture, a kind of hacker’s “Swiss army knife.” They are able to secretly transfer gigabytes of data to C&C servers, collect passwords, intercept keystrokes, record audio and video, as well as download and install other malicious programs on the infected devices.

      There are known cases when the RAT program consisted of more than 70 modules intended to solve different problems. However, this is rather an exception; usually, such Trojans contain about 10-15 functional modules.

      Remote Desktop Protocol

      COVID-19 forces us to rely on remote access more and more. One of the tools here is Microsoft’s RDP (remote desktop). This is not a new tool, but COVID-19 made it tremendously popular. RDP is part of the Windows operating system. Due to its accessibility and simplicity, many companies have begun to use it to connect home employees to work computers.

      Consequently, RDP started to attract cybercriminals too. Many vulnerabilities have been found in it. One of the key flaws in this protocol was the BlueKeep vulnerability. It has been actively exploited recently. According to the specialized search engine Shodan, there are about 4 million systems on the internet with an open RDP port. Attempts to scan ports used by this service are ranked seventh, ahead of other protocols such as SMB or POP3. Cisco Systems reported that about a third of organizations have RDP-related security alerts every month.

      Working from home

      Cybercrooks responded quickly to the move of a large number of employees to remote work. More than half of companies have transferred from 50% to 100% of their employees to home offices. The security perimeter became blurred. Experts recorded an explosive growth in the number of malicious sites with words like “covid” or “coronavirus” in their domain names. Attackers reorient their existing infrastructure to host websites that exploit relevant, newsworthy topics. Many of these rogue websites host ransomware and other malware.

      Looking for passwords

      A significant part of malicious operations is devoted to obtaining passwords. This is the second-most popular activity used by ransomware gangs after phishing. Legitimate accounts allow cybercriminals to remain undetected in a compromised system and leave no traces, unlike attacks involving Trojans or exploitation of vulnerabilities. Often, a hacked user account can only be identified using behavioral analysis tools.

      Logins and passwords are processed in browsers, as well as other places in the system where cached information is stored. Attackers use special tools to steal this data. One of the most popular tools used in such attacks is the Mimikatz utility. This program, originally created for pentests (penetration testing), has been adopted and is actively used by cybercriminals.
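As an added example (not part of the original article), here is a minimal form of the behavioral analysis this section mentions for spotting a hacked account, applied to the RDP logons discussed earlier. The log lines, account names, addresses, thresholds and the `flag_logons` helper are constructed assumptions; 4624/4625 and logon type 10 are the standard Windows logon event IDs and RemoteInteractive type.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: time, Windows event ID, account, source IP, logon type.
# 4624 = successful logon, 4625 = failed logon; logon type 10 = RemoteInteractive (RDP).
BASELINE = """\
2021-04-26T09:02:11,4624,jsmith,10.0.5.21,10
2021-04-27T08:55:40,4624,jsmith,10.0.5.21,10
2021-04-27T10:15:00,4624,mlee,10.0.7.8,10
"""
NEW = """\
2021-05-03T09:01:00,4624,jsmith,10.0.5.21,10
2021-05-03T02:40:10,4625,mlee,203.0.113.50,10
2021-05-03T02:40:12,4625,mlee,203.0.113.50,10
2021-05-03T02:40:15,4625,mlee,203.0.113.50,10
2021-05-03T02:41:30,4624,mlee,203.0.113.50,10
"""

def parse(text):
    for line in text.strip().splitlines():
        ts, event_id, user, src, ltype = line.split(",")
        if int(ltype) == 10:  # keep RDP logons only
            yield datetime.fromisoformat(ts), int(event_id), user, src

def flag_logons(baseline_text, new_text, fail_threshold=3, window=timedelta(minutes=10)):
    # Baseline: source IPs and hours of day seen for each account's successful logons.
    sources, hours = defaultdict(set), defaultdict(set)
    for ts, event_id, user, src in parse(baseline_text):
        if event_id == 4624:
            sources[user].add(src)
            hours[user].add(ts.hour)
    failures = defaultdict(list)  # (user, src) -> timestamps of failed logons
    alerts = []
    for ts, event_id, user, src in sorted(parse(new_text)):
        if event_id == 4625:
            failures[(user, src)].append(ts)
        elif event_id == 4624:
            reasons = []
            if src not in sources[user]:
                reasons.append("new_source")
            if ts.hour not in hours[user]:
                reasons.append("unusual_hour")
            if sum(ts - f <= window for f in failures[(user, src)]) >= fail_threshold:
                reasons.append("success_after_failures")
            if reasons:
                alerts.append((user, src, reasons))
    return alerts
```

On hosts that enforce Network Level Authentication, failed RDP attempts are commonly recorded with logon type 3 rather than 10, so a production rule would need to correlate both types.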

      Attacks on health-care institutions

      Although some ransomware groups loudly proclaim that they do not target the health-care sector, researchers observe an increase in attacks against such organizations. Cybercriminals are interested in both research institutions and ordinary clinics. In the first case, the goal of the cybercriminals is classified information that could be sold on the dark market; in the second, the ransom. Medical institutions pay money faster than other organizations, since equipment failure can entail a threat to the life and health of patients.

      Conclusion

      In 2021, I expect a massive surge in the number of ransomware threats, the reasons for which could be both the acceleration of digital transformation in all industries and the widespread transition to remote work. During the course of the year, the number of cyberattacks will grow, their complexity should increase, and it will become increasingly difficult to protect against them.

      Author
      David Balaban
      https://privacy-PC.com
      David Balaban is a computer security researcher with over 17 years of experience in malware analysis and antivirus software evaluation. He runs MacSecurity.net and Privacy-PC.com projects that present expert opinions on contemporary information security matters, including social engineering, malware, penetration testing, threat intelligence, online privacy, and white hat hacking. Mr. Balaban has a strong malware troubleshooting background, with a recent focus on ransomware countermeasures.
