In 2021, Ransomware was big business.
Seemingly every month, major headlines told of malicious attacks on notable business colossi, including Polish video game studio CD Projekt Red, PC manufacturer ACER, and insurance company AXA.
They made for explosive headlines, but they still barely touched upon the true increase of ransomware attacks in 2021. Arguably, it was the boom of home workers and remote workforces that truly kick-started the criminal scheming – with SMEs bearing the brunt.
How SMEs Started a Ransomware Revolution
Ransomware was by no means new, but the circumstances of the year prior were. With a national lockdown keeping workers away from their usual office environment, cyber criminals saw a new wave of unprotected and unaware victims to prey upon – all connecting from the comparatively less secure home and public Wi-Fi.
That’s not to say on-prem solutions weren’t at risk either. The rush for IT admins to create a safe and secure working environment left them vulnerable, and the resulting window encouraged a cyber criminal feeding frenzy. Criminals now had both individuals and business premises to target, and so long as they could extort one with the threat of stolen data, they could easily move on to extorting the other, thanks to their shared networks.
What Makes Ransomware a Business’ Biggest Threat?
Cyber crime works on a ‘campaign’ level; beginning in almost all cases with a phishing email set to trick the victim into clicking a malicious link or file. From here, Ransomware can seep into a victim’s device, whereby it delivers a triple threat: stealing a user’s data, locking all access to their files, and demanding a hefty cryptocurrency fee for their return. No business wants to deal with the downtime, while few remote users would want to admit to jeopardising their company. Either way, profits or data are compromised, and with workforces now spread so far and wide, businesses without stringent ransomware defences have simply widened the net for cyber criminals.
What Does this Mean for Businesses in 2022?
Sadly, the increase in ransomware attacks in 2021 is likely the start of something larger. Those phishing emails, for example, aren’t only about delivering malware; it’s suggested that their poor English and multiple grammatical errors are actually a screening device, designed to identify ‘marks’ that aren’t especially discerning. A campaign that targets an entire company and encounters a high open rate on their emails could indicate a company with poor security. Criminals aren’t content to hit and run when there’s a gold mine of gullible marks to exploit.
The Ransomware Business
The Dark Web is a section of the internet we rarely see; it’s here that the pages of code that run our websites, or the databases that store form details, are stored. It’s also the perfect place for cyber criminals to hide. Specialist Dark Web sites, accessible from specialist browsers, house a black market of stolen goods, including data stolen from compromised businesses. Yet in recent years, it’s the Ransomware itself that has become the lucrative trade.
The Ransomware-as-a-Service business model now means even amateur criminals can begin their own campaign of crime. Developers lease their ransomware to clients and include 24/7 support, affiliate programs with partner cyber criminals and deliver it all at a competitive monthly fee. Ransomware isn’t just attractive to the technically inexperienced, but readily available too.
Preparing for the Future
The number of ransomware attacks in 2021 absolutely eclipses previous years, with an increase of 151% over 2020 alone. Businesses and their users have drastically revised their working standards in the past year – it’s time they did the same for their ransomware defences.
At Chalkline, we're accredited to the highest standards by dozens of leading technology partners, including Microsoft, Mimecast and Barracuda. For exceptional providers of IT services and security, look no further.we’re trusted by leading IT developers and manufacturers to deliver exceptional service and security.
For more on the future of your business’ cyber security, why not download our free 2021 SMB Cyber Security Report?