Information about the 2021 ransomware trends identified by U.S. and European cybersecurity agencies and simple steps you can take to improve your security posture and prevent ransomware attacks.
2021 Ransomware Trends
Cybersecurity agencies identified several 2021 ransomware trends that look set to continue throughout 2022. There was an increase in ransomware attacks in 2021 with education and government the most commonly targeted sectors. The pandemic and lockdowns meant businesses needed to switch to remote working and security teams struggled to defend their networks. Ransomware gangs were quick to exploit vulnerabilities to gain access to networks, steal sensitive data, and encrypt files to extort money from businesses.
2021 also saw an increase in sophisticated ransomware attacks on critical infrastructure. Cybersecurity authorities in the United States said cyber threat actors had conducted attacks on 14 of the 16 critical infrastructure sectors, with the UK’s National Cyber Security Centre reporting an increase in attacks on businesses, charities, legal firms, healthcare, and local government.
Initially, several ransomware threat actors focused on big game hunting – attacking large, high-value organizations that provide critical services, such as Colonial Pipeline, Kaseya, and JBS Foods. Those attacks prompted the raising of the status of ransomware attacks to the level of terrorism, and the increased scrutiny on ransomware gangs saw ransomware attack trends change, with the focus shifting to mid-sized organizations.
Double extortion tactics have been the norm for the past two years, where attackers exfiltrate data prior to file encryption and then demand payment for the decryption keys and to prevent the publication of stolen data. A new trend of triple extortion in 2021 saw ransomware gangs also threaten to inform the victim’s partners, shareholders and suppliers about the attack. It is also now common for ransomware gangs to work with their rivals and share sensitive data. There have been multiple cases where ransomware gangs have shared information with other gangs to allow them to conduct follow-on attacks.
2021 saw an increase in attacks on the supply chain. By compromising the supply chain, ransomware gangs are able to conduct attacks on multiple targets. There was also an increase in attacks targeting managed service providers, where MSP access to customer networks is exploited to deploy ransomware on multiple targets. Russian ransomware gangs have been increasingly targeting cloud infrastructure, accounts, application programming interfaces, and data backup systems, which has allowed them to steal large quantities of cloud-stored data and prevent access to essential cloud resources.
Diverse tactics were used in 2021 to gain access to victim networks, including quickly developing exploits for known vulnerabilities, conducting brute force attacks on Remote Desktop Protocol, and using stolen credentials. These tactics have proven effective, helped by the increase in remote working and remote schooling due to the pandemic.
Improve Your Defenses Against Ransomware Attacks
To defend against ransomware attacks, it is important to prevent attackers from using these tactics. The number of reported vulnerabilities increased in 2021 and security teams struggled to keep up with routine patching. Security teams need to prioritize patching and concentrate on the vulnerabilities that are known to have been exploited, such as those published in the U.S. Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities Catalog, and on critical vulnerabilities where there is a high chance of exploitation.
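The prioritization described above can be automated by joining scanner findings against the catalog. The following is an added example, not part of the original article: the catalog excerpt and findings are constructed, the CVE IDs and host names are placeholders, and ranking ransomware-linked entries ahead of earlier due dates is an assumption of this sketch.

```python
import json
from datetime import date

# Constructed excerpt using the KEV JSON feed's field names; CVE IDs are placeholders.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "dueDate": "2022-03-01", "knownRansomwareCampaignUse": "Known"},
  {"cveID": "CVE-0000-0002", "dueDate": "2022-02-15", "knownRansomwareCampaignUse": "Unknown"}
]}
""")

# Constructed scanner findings (hypothetical hosts); cvss is the base score.
FINDINGS = [
    {"host": "vpn-gw-01", "cve": "CVE-0000-0002", "cvss": 7.5},
    {"host": "files-02", "cve": "CVE-0000-0003", "cvss": 9.8},
    {"host": "mail-01", "cve": "CVE-0000-0001", "cvss": 8.1},
    {"host": "hr-laptop-17", "cve": "CVE-0000-0004", "cvss": 5.3},
]

def prioritize(findings, kev_catalog, critical_cvss=9.0):
    """Order the patch queue: tier 0 = in KEV, tier 1 = critical CVSS, tier 2 = rest."""
    kev = {v["cveID"]: v for v in kev_catalog["vulnerabilities"]}
    ranked = []
    for f in findings:
        entry = kev.get(f["cve"])
        if entry:
            tier = 0
            ransomware = entry.get("knownRansomwareCampaignUse") == "Known"
            due = date.fromisoformat(entry["dueDate"])
        else:
            tier = 1 if f["cvss"] >= critical_cvss else 2
            ransomware, due = False, date.max
        # Within a tier: ransomware-linked first, then earliest due date, then highest CVSS.
        key = (tier, not ransomware, due, -f["cvss"])
        ranked.append((key, {**f, "tier": tier, "kev_due": entry and entry["dueDate"]}))
    ranked.sort(key=lambda item: item[0])
    return [row for _, row in ranked]

if __name__ == "__main__":
    for row in prioritize(FINDINGS, KEV_SAMPLE):
        print(row["tier"], row["host"], row["cve"], row["cvss"], row["kev_due"])
```

Note that the 9.8-rated finding sorts below both catalog entries: known exploitation outranks raw severity in this queue.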
To combat brute force attacks, it is important to ensure all default passwords are changed and strong passwords are set for all accounts. Consider using a password management solution to make this easier. Multifactor authentication should be set up for as many services as possible, especially for access to critical systems, VPNs, and privileged accounts. RDP, other remote access solutions, and risky services should be closely monitored and ports and protocols that are not being used should be disabled.
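One way to monitor RDP for the brute force pattern described above is to count failed logons per source address in a sliding window and to note any success that follows. This is an added example, not part of the original article: the events are constructed stand-ins for Windows Security events 4625 (failed logon) and 4624 (successful logon), the addresses are documentation ranges, and the threshold and window are assumptions to tune.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Logon type 10 = RemoteInteractive (RDP); type 3 = Network, which RDP with NLA also produces.
RDP_LOGON_TYPES = {3, 10}

def ev(ts, event_id, logon_type, ip, user):
    return {"time": datetime.fromisoformat(ts), "event_id": event_id,
            "logon_type": logon_type, "ip": ip, "user": user}

# Constructed sample events (hypothetical account names).
EVENTS = [ev(f"2022-02-10T03:00:{s:02d}", 4625, 3, "203.0.113.50", u)
          for s, u in [(1, "admin"), (5, "administrator"), (9, "backup"),
                       (14, "svc_sql"), (20, "admin")]]
EVENTS += [
    ev("2022-02-10T03:00:31", 4624, 10, "203.0.113.50", "admin"),   # success after the burst
    ev("2022-02-10T09:00:00", 4625, 10, "198.51.100.7", "jsmith"),  # single mistyped password
    ev("2022-02-10T09:00:20", 4624, 10, "198.51.100.7", "jsmith"),
]

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Flag source IPs with >= threshold failed remote logons inside the window."""
    recent = defaultdict(deque)  # source IP -> timestamps of recent failures
    flagged = {}                 # source IP -> alert record
    for e in sorted(events, key=lambda e: e["time"]):
        if e["logon_type"] not in RDP_LOGON_TYPES:
            continue
        q = recent[e["ip"]]
        while q and e["time"] - q[0] > window:
            q.popleft()          # drop failures that fell out of the window
        if e["event_id"] == 4625:
            q.append(e["time"])
            if len(q) >= threshold:
                alert = flagged.setdefault(
                    e["ip"], {"ip": e["ip"], "failures": 0, "success_after": None})
                alert["failures"] = max(alert["failures"], len(q))
        elif e["event_id"] == 4624 and e["ip"] in flagged:
            # A success from an already-flagged source suggests a guessed password.
            if flagged[e["ip"]]["success_after"] is None:
                flagged[e["ip"]]["success_after"] = e["user"]
    return list(flagged.values())

if __name__ == "__main__":
    print(detect_rdp_bruteforce(EVENTS))
```

An alert with `success_after` set deserves immediate attention: the account named there should be treated as compromised until its password is reset and its sessions reviewed.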
It is also vital to take steps to prevent phishing attacks. Phishing is commonly used to steal credentials and gain a foothold in networks, and phishing emails are also used to deliver malware. An advanced email security solution should be implemented to detect and block as many phishing threats as possible to prevent them from being delivered to employee inboxes. A web filtering solution can improve defenses by blocking access to the websites linked in phishing emails and preventing the downloading of malware from the Internet. Security awareness training for the workforce is also important. Training should raise awareness of the risks of visiting suspicious websites, clicking on suspicious links, and opening suspicious attachments.
TitanHQ can help with all of these anti-phishing defenses through SpamTitan Email Security, the WebTitan DNS-based Web Filter, and SafeTitan Security Awareness Training. To find out more about these solutions for SMBs, enterprises, Internet Service Providers, and Managed Service Providers, give the TitanHQ team a call.