The State Of Ransomware in 2021

The State Of Ransomware in 2021 and How to Stay Protected

Last year (2020) was a banner year for ransomware. With millions of workers operating from home due to the novel coronavirus, there were plenty of opportunities for infection and exploitation. In 2021, ransomware is not showing any signs of slowing down. The trend of targeted ransomware attacks persists, but with the added challenge of double extortion.

While the number of targets being hit has dropped, the financial impact of ransomware attacks has more than doubled. Ransomware attacks are more targeted and sophisticated, explaining the rise in the cost of recovery and ransom. Therefore, it’s essential for businesses to understand the current versions of ransomware and how they work to corner victims into complying with their demands.

In this article, we look at the most prolific ransomware variants in 2021 (so far) and the tactics they use to penetrate systems. We’ll also explore ways to approach active ransomware incidents and minimize disruption, financial impact, and reputational damage. Finally, we’ll look at the measures businesses need to implement to steer clear of these coercive tactics and avoid an attack altogether. Read on.

Common Ransomware Threats in 2021

Many new ransomware families emerged in 2021. As usual, ransomware operators demand ransom via cryptocurrency. Double extortion stands out as the prominent ransomware theme this year. In a double extortion attack, ransomware operators demand separate payments for unlocking encrypted data and the promise to destroy any data exfiltrated from the victim’s systems.

Attackers will also leverage data stolen before encryption to put more pressure on businesses and increase the chances of a payout. Below, we analyze the highest-impact ransomware variants that are wreaking havoc across the globe.

Netwalker

Created by the cybercrime group known as ‘Circus Spider’ in 2019, Netwalker is one of the fastest-growing ransomware. Netwalker employs advanced encryption techniques to target Windows-based systems. This ransomware variant utilizes phishing as the primary delivery method. Once in your system, Netwalker will extract and encrypt sensitive data for ransom.

Babuk

Babuk is a fairly new ransomware threat discovered in 2021. This ransomware variant has targeted at least 38 enterprises with double extortion ransomware attacks, managing to score $85,000 after one of its victims paid the ransom. Babuk ransomware operators also targeted DC Police and made away with 250 gigabytes of data.

Doppelpaymer

Doppelpaymer is a ransomware family that also uses phishing as the delivery method. It encrypts user data and proceeds to ask for a ransom to restore original files. This ransomware variant was first discovered in 2019 and continues to pose a severe threat in 2021. The actors behind Doppelpaymer are known to follow up their attacks with phone calls to their victims demanding payment.

DarkSide

DarkSide, a cybercriminal group with roots in Eastern Europe, was the culprit behind the recent Colonial Pipeline attack. DarkSide ransomware is delivered through phishing and has been active since at least August 2020. Like many other ransomware variants in 2021, DarkSide adheres to the practice of double extortion. Colonial Pipeline paid $4.4 million in exchange for the decryption key for their network.

CL0P

CL0P ransomware is believed to have been active since at least 2019. This ransomware variant is responsible for several high-profile attacks. Often delivered through phishing campaigns, CL0P ransomware steals, encrypts, and leaks the victim’s data to make them comply. The attacks usually contact the breached companies directly via email, offering to negotiate a payment.

Avaddon

Avaddon is a ransomware family observed since 2019 but has taken a more aggressive turn in the first half of 2021. True to the current ransomware best practice of double extortion, Avaddon combines encryption with data theft to extort more money from victims. However, the ransomware gang behind Avaddon recently announced that they have shut down operations.

REvil

Also known as Sodin and Sodinokibi, REvil is an ambitious ransomware enterprise that first came to prominence in April 2019. REvil operates as ransomware-as-a-service (RaaS) and is commonly distributed via vulnerability exploits and backdoor software. This ransomware variant has been linked to a number of high-profile incidents, including the recent attack on a US nuclear weapons contractor.

Conti

Conti is a double extortion ransomware that steals, encrypts, and threatens to expose sensitive information. Second, only to REvil, Conti is one of the most common ransomware variants in 2021. Conti operators deploy Trojans to steal the victim’s data before encrypting the entire network with ransomware. This ransomware variant is commonly distributed via phishing.

Responding To a Ransomware Incident

Now that you are familiar with the most common ransomware variants, let’s look at what you should do in the event of a ransomware incident. A well-orchestrated response will help you minimize damage and significantly reduce the cost of recovery. In case of a ransomware attack, security experts suggest the following:

• Avoid further damage. Once a ransomware attack is detected, remove infected devices from the network until they are reimaged and thwart these attempts.
• Destroy the source of the infection. Find the source of the infection and remove it to prevent reinfection. For instance, if the malware came from a phishing email, find that email and delete it from all inboxes.
• Restore from backup. Once the infected devices have been cleaned and the source of the threat has been eliminated, restore data from backups and resume operations.

What about paying the ransom? Sending the ransom funds to the attackers is still an option, but security experts or law enforcement do not recommend it. Paying only emboldens cybercriminals and doesn’t guarantee that your data will be restored.

How to Prevent Future Ransomware Attacks

The most important precaution a business can take to prevent future ransomware attacks is to improve security awareness. This can be accomplished through Security Awareness Training. Through training, your employees will learn how to recognize phishing emails and what to do if they encounter such. Having reliable backups, endpoint protection software, and email screening tools can also help.

Ransomware threats are here to stay, and at the current rate of progression, things are only going to get worse. Your business’s best defense is to stay prepared. 360 Smart Networks provides IT services for businesses in the Charlotte and Atlanta areas, helping you increase protection against ransomware threats while you focus on running your business. Call us today to learn how we can help.