As ransomware continues to evolve and is proving to be a lucrative source of revenue for threat actors, it’s important that we forecast into the new year. We hope to help keep individuals & organizations aware of how this malware is becoming more dynamic with our 2020 ransomware predictions.
A look back at 2019
Ransomware took some interesting turns in 2019 that made it one of the most prolific cybercrimes affecting organizations globally. Because this cyber threat is changing technically, economically, and socially, our team finds it essential to anticipate what might happen in the coming months with ransomware predictions.
Opening up your organizational goals to actively prevent ransomware this year can greatly improve your resiliency and attitude to cyber security. To be proactive and keep safe from ransomware threats in 2020, it’s critical to set up a proper cyber security framework which includes analyzing where we are and how the malware may transform over time.
Ransomware predictions for 2020
As we enter this year, Proven Data is setting forth our ransomware predictions for how this cyber threat will evolve.
Watch out for these ransomware trends that we may see this year:
More extreme extortion tactics
During the later part of 2019, certain ransomware operators started becoming more aggressive in their extortion techniques to try and force companies into paying the ransom. In December 2019, the ransomware operators behind MAZE took data stolen in a successful ransomware attack and published the victim's business documents on a public website. Although the website was later taken down, the MAZE cyber criminal organization still left the 14GB worth of data deep on the dark web for the underground cyber crime community to view (and exploit).
This trend marks a new era of cyber extortion and points to the more extreme tactics ransomware operators might use in 2020 to coerce victims to pay ransom for the decryption utility. Your company may have a backup in place, but cyber criminals can still leverage this tactic to get you to pay up. Businesses will be faced with troublesome decisions in which their data might be leaked & later used against the company in a future cyber attack.
Furthermore, businesses will have to understand the full scope of these attacks to determine whether a data breach notification is necessary and to what extent their customer base is affected. The healthcare industry will have to pay particular attention to these new ransomware trends as they change the extent of where & how PHI (Protected Health Information) is accessed by ransomware operators and then leaked to the public.
Software lifecycle & patching becomes a bigger vulnerability
As of January 14th, Microsoft announced that it will no longer be supporting Windows 7. This means Windows 7 will remain in its current state and will not see any future official revisions from Microsoft developers. Organizations and network infrastructure currently operating under Windows 7 may now be vulnerable to a wide range of possible attack vectors, which poses a threat. Ransomware operators might have less difficulty executing ransomware on the network.
Organizations must upgrade to avoid potential security vulnerabilities. The Windows 7 operating system, born over a decade ago in the summer of 2009, was a popular OS used at both the enterprise & consumer level.
Unpatched software is an attack vector we’ve seen used in the past, as demonstrated by the JBoss vulnerability used by SamSam and the EternalBlue exploit used by WannaCry. The EternalBlue exploit was patched 2 months prior to the WannaCry attack and still caused significant widespread damage.
Ransomware targeting MSPs and cloud service providers
Companies and organizations that use outsourced IT vendors, cyber security products, or a managed service provider (MSP) should reassess the security posture of the vendors they rely on for their data and computing needs. Cyber diligence describes the auditing process in which you examine the relationship between your business and data security.
We recommend following up with the service providers you have relationships with and expressing your concerns about the effect ransomware could have on your operations. Opening up this dialogue about ransomware will make both parties aware of the seriousness of addressing the issue and help them implement steps to reduce risks. MSPs have a duty to protect their infrastructure given that they are responsible for the data of several organizations.
Cloud service providers also make an enticing target for ransomware operators since they host many different companies’ data. Just like MSPs, once they are infiltrated, multiple organizations are affected at once. Internal data at Proven Data suggests that this trend was largely present in 2019 and we predict that this will continue into 2020 as threat actors evaluate their potential targets.
Iran tensions diminish… cyber risks still at large
In the weeks following a contentious period between the United States & Iran, government officials and cyber experts warned about the potential for incoming cyber attacks from the Iranian hacking community on U.S. businesses and national administrative agencies. Although the imminent threat of a physical altercation between the two countries has deescalated, Iran still proves to be an extensive proponent of cyber attacks as its hacking culture continues to grow.
Countries with limited armed forces resources such as Iran cannot compete with the United States in a physical theatre of war and have chosen more sophisticated cyber attacks that cost less and can be more effective here on U.S. soil.
Protect yourselves from ransomware before it’s too late
Our data shows that out of the thousands of ransomware victims we’ve assisted, the majority of the attacks can be prevented by following basic security practices:
- Patch software & hardware with the latest security firmware and updates
- Identify and address access controls within the organization
- Ensure two-factor authentication is enabled
- Implement an email filtering service to block phishing attacks
- Invest in an endpoint detection and response (EDR) solution to stop attacks before they are executed
- Review the data backup procedure and test that the backups function properly and can be used to restore
- Data backups should be kept both locally (offline, non-network attached storage) and in the cloud
- Review & modify your incident response plan and ensure it addresses current cyber threats such as ransomware