2020 sees cybercriminals turn to Ransomware 2.0

Historically, ransomware has relied on encrypting data and then demanding money in order to release it.

But a new report from F-Secure shows that 2020 has seen an increase in ransomware that also steals data, giving the attackers more leverage over their victims. If organizations first refuse to pay a ransom to decrypt their data, attackers threaten to leak the stolen information, increasing pressure on victims.

In 2019, only one ransomware group was observed using this type of extortion, dubbed Ransomware 2.0, but by the end of 2020, 15 different ransomware families had adopted this approach. In addition, nearly 40 percent of ransomware families discovered in 2020, as well as several older families, were known to also steal data from victims by the end of last year.

“Organizations with reliable backups and effective restoration procedures are in a strong position to recover from a ransomware attack without having to pay. However, managing a potential data leak is a dramatically different challenge, especially for organizations that possess confidential information,” says Calvin Gan, a manager with F-Secure’s Tactical Defense Unit. “Ransomware actors, current and future, will likely feel emboldened to try new things and jump on vulnerabilities faster, which we’re already seeing with the recent MS Exchange vulnerabilities.”

The report also shows some other cybersecurity trends, including that attackers' use of Excel formulas (a default feature that can't be blocked) to obfuscate malicious code tripled in the second half of 2020.

Outlook is the most popular brand spoofed in phishing emails, followed by Facebook and Office365. Email accounted for over half of all malware infection attempts in 2020, making it the most common method of spreading malware in cyber attacks.

In a look at the notable supply chain attacks from the last 10 years, the report highlights that over half of them targeted either utility or application software. The authors express hope that last year’s SolarWinds hack will draw greater attention to the impact these attacks can have.

“In security, we place a lot of emphasis on organizations protecting themselves by having strong security perimeters, detection mechanisms to quickly identify breaches, and response plans and capabilities to contain intrusions. However, entities across industries and borders also need to work together to tackle security challenges further up the supply chain. Advanced persistent threat groups are clearly ready and willing to compromise hundreds of organizations through this approach, and we should work together to counter them,” adds Gan.

You can read more and get the full report on the F-Secure blog.
