This article is part of our Essential Guide: Essential guide to operation-centric security

Double extortion ransomware will be a big theme in 2021

Defenders will see heightened levels of cyber crime next year as criminals pivot their attacks from data encryption to exfiltration

The coming 12 months will bring increasingly aggressive cyber crime activities as malicious actors continue to pivot their ransomware attacks from data encryption to data exfiltration, and with much of the workforce remaining at home until the second quarter at least, the cyber security challenges that were amplified by Covid-19 will persist for the time being.

That is according to new research data compiled by data protection specialist Acronis, which has highlighted a number of key trends that defenders should be wise to in its 2020 Cyberthreats report.

According to its statistics, more than 1,000 companies had their data leaked after not giving in to ransomware demands during 2020, and this trend, which was first observed at the end of 2019, will accelerate in 2021, becoming a primary cyber crime tactic.

Such double extortion attacks attempt to maximise financial gain for cyber criminals by putting additional pressure on their victims to pay up by threatening to release proprietary or embarrassing data. The now defunct Maze group – which had close links to many other operations – accounted for about 50% of all such attacks this year.

“More than any year in recent memory, 2020 posed a tremendous number of challenges to IT professionals, organisations and the service providers who support them,” said Stas Protassov, Acronis co-founder and technology president.

“What we’ve seen is how quickly bad actors are adjusting their attacks to the new IT landscape. By analysing the activity, attacks and trends we’ve detected and clearly presenting our findings, we hope to empower our partners and help the IT community at large to prepare for the threats on the horizon.”

Acronis’s researchers also suspect that ransomware operators will look for new victims next year and adopt a more automated approach to their work. They are also likely to focus on targets that provide a bigger return on investment – big cloud providers and managed service providers will be more at risk because breaking into one network to steal data from many victims is far more profitable than attacking one business.

Read more about ransomware

  • The APAC region was a primary target of advanced persistent threat groups, mostly from China, Iran, North Korea and Russia, that carried out 34 campaigns between June 2019 to June 2020.
  • Sophos researchers anticipate a trickle-down effect in the cyber criminal underground.
  • UK-based organisations are either more, or less, likely to pay ransoms, depending on which cyber security supplier you want to believe.

Reflecting the views of others, Acronis also reported an increasing problem with legacy cyber security systems becoming unfit for purpose.

Blocking new forms of malware and ransomware has rendered traditional antivirus technology essentially obsolete and unable to keep up with the vastly increased, sophisticated and speedy evolution of such threats. The average lifespan of a malware sample in 2020 was just over three days, and the advent of automation means that the number of samples in the wild will inevitably climb.

“When it comes to existing solutions and strategies, the current trends in cyber attacks all show that traditional cyber security is failing – usually because of weak technologies and human error, which are both avoidable,” said Candid Wüest, Acronis vice-president of cyber protection and co-author of the report.

“Just as cyber criminals are evolving their attacks, organisations need to advance their protection and security. Comprehensive cyber protection solutions offer the integration and automation that eliminate complexity, optimise performance and streamline recovery when a successful attack inevitably occurs.”

Next Steps

Cisco Talos: Exchange Server flaws accounted for 35% of attacks

Read more on Hackers and cybercrime prevention