Ransomware attacks, where criminals encrypt all of the data on a target network and demand payment in exchange for the decryption key, have grown more dangerous than ever before, a new report from cybersecurity pros F-Secure has claimed.
The company’s Attack Landscape report, updated for the first half of 2021, states that there are now at least 15 ransomware families adopting the “Ransomware 2.0” approach, up from just one in early 2019. Ransomware 2.0 combines data theft with encryption.
Criminals opting for Ransomware 2.0 will steal as many sensitive files as they can and threaten to release the information online unless their demands are met. This approach emerged in response to the increasing use of backup solutions, as businesses started restoring their data and stopped paying the ransom.
The report also said that almost 40% of ransomware families discovered in 2020, as well as several older ones, steal data from victims.
“Organizations with reliable backups and effective restoration procedures are in a strong position to recover from a ransomware attack without having to pay. However, managing a potential data leak is a dramatically different challenge, especially for organizations that possess confidential information,” explained Calvin Gan, a Senior Manager with F-Secure’s Tactical Defense Unit.
“Ransomware actors, current and future, will likely feel emboldened to try new things and jump on vulnerabilities faster, which we’re already seeing with the recent MS Exchange vulnerabilities.”
Paying the ransom
Organizations should never pay the ransom, experts and law enforcement agencies including the FBI have said. Paying the ransom does not guarantee they will get their data back, and in many cases they don’t. Also, paying up doesn’t guarantee that another ransomware operator (or even the same one) will not attack the company again in the near future.
Instead, organizations are encouraged to set up a strong backup solution and a strong cybersecurity tool, and to educate their employees and managers on the dangers of phishing, malware, and ransomware.