At the end of September, an emergency technician in the United States gave WIRED a real-time report on what it was like inside their hospital as a ransomware attack raged. With their digital systems locked down by hackers, healthcare workers were forced to use backup paper systems. They were already struggling to manage patients during the pandemic; the last thing they needed was more chaos. “It’s a life and death situation,” the technician said at the time.
The same scenario repeated itself across the country this year, as waves of ransomware attacks crashed on hospitals and health care provider networks, peaking in September and October. School districts, meanwhile, have been hit by attacks that crippled their systems just as students tried to get back to class, in person or remotely. Businesses and local and state governments have faced similar attacks at equally alarming rates.
Ransomware has been around for decades, and it’s a pretty straightforward attack: Hackers distribute malware en masse that encrypts data or otherwise blocks access to a target’s systems, then demand payment to free the digital hostages. It’s a well-known threat, but difficult to root out – something as simple as clicking a link or downloading a malicious attachment could give attackers the foothold they need. And even without this kind of human error, large corporations and other institutions like municipal governments still struggle to devote the resources and expertise necessary to establish basic defenses. After observing these attacks in 2020, however, incident responders say the problem has worsened and the ransomware forecast for next year looks pretty dire.
“I see no reason why ransomware would slow down in 2021,” said Charles Carmakal, senior vice president and chief technical officer of cybersecurity firm Mandiant, which is owned by FireEye. “Everything that’s playing out this year leads me to believe it’s going to keep getting worse until something really dramatic happens. I plan to see the threat actors become more disruptive.”
While some researchers say the scale and severity of ransomware attacks crossed a clear line in 2020, others describe this year simply as the next step in gradual and, sadly, predictable decentralization. After years of perfecting their techniques, attackers are getting more and more daring. They have started incorporating other types of extortion like blackmail into their arsenals, exfiltrating an organization’s data and threatening to disclose it if the victim does not pay additional fees. More importantly, ransomware attackers have moved from a model where they hit many people and racked up many small ransom payments to one where they carefully plan attacks against a small group of large targets from which they can demand massive ransoms. Antivirus firm Emsisoft found that the average charged fee has increased from around $5,000 in 2018 to around $200,000 this year.
To make all of this happen, ransomware gangs have professionalized. A whole underground economy has grown to provide support services like stolen credentials or even consultation time with network access specialists. As a result, Brett Callow, Threat Analyst at Emsisoft, explains that it’s not so much that the amount or pattern of attacks has changed, it’s that these attacks have become even more effective and intrusive.
“Ransomware always has its peaks and valleys,” Callow says. “I really think things haven’t changed much over the year. It’s something that is progressive over a period of time. But credit where credit is due, ransomware groups have done a great job growing their business.”
Researchers and incident responders are completely focused on trying to change the looming tide of ransomware. On Monday, the Institute for Security and Technology launched a ransomware task force with partners like Microsoft, the Shadowserver Foundation, Citrix and McAfee.