2020 Predictions: Ransomware

Morgan Wright, Chief Security Advisor, SentinelOne
The next ransomware attacker jackpot. We’ve seen countless attacks on public school districts and higher ed providers in 2019 which will likely continue, but I expect research institutes to increasingly be in the crosshairs in the coming year. Research institutes hold tremendous amounts of sensitive data that can be criminally monetized and are notorious for disproportionate resource spending. Attackers will use automation to find vulnerabilities and exploit those who are spending on non-security personnel and neglecting security technology.

Hospitality is another industry I expect to be targeted more frequently in 2020. Because of its reliance on point-of-sale equipment and excess spending on advanced analytics to make the customer experience more personalized, as opposed to defense investments, attacker points of entry are susceptible.

Other industries include TV stations and media outlets, logistics/shipping/transportation, and the energy grid and utilities. Just imagine how quickly an energy or utility company will lean on its insurance policy if people do not have access to power or water. Currently, the U.S. energy grid is a fragmented structure, making a nation-wide attack extremely difficult to carry out. However, if the consolidation trend continues, I expect targeted ransomware attacks. Albeit not ransomware, only weeks ago we saw the first-ever cyberattack successfully disrupt operations for a U.S. energy provider, and just look at what Russia did to Ukraine in 2015. Where money is to be made, ransomware will follow.

David Pearson, principal threat researcher, Awake Security

Ransomware is on the rise, but it will be just a distraction for the real attack. Ransomware will be a considerable risk for SMBs with minimal resources and large organizations who still don’t have widespread backup capabilities in place. Even for those who do, the risk of business continuity is real (think of the effect on IT admins and end users if the former needs to continuously wipe and restore the latter’s systems). However, I worry about the organizations who are targeted by ransomware where the ransomware is just a distraction from the real attack. We’ve started to see a few cases of this (e.g., Petya ransomware) but the majority of danger could very well be ahead of us.

Dr. Srinivas Mukkamala, CEO, RiskSense
Ransomware will continue to be the growth driver in cyber-crime. The reason is simple: it’s the shortest distance between investment and revenue for its perpetrators. Unlike identity theft, crypto-currency theft, or bank fraud, ransomware is a fast, cheap, and effective method of extracting fees from victims. But ransomware too is showing signs of maturity. The rate of appearance of new ransomware families fell by half in 2019(1). The reason for this is that the families that did appear were more sophisticated, harder to prevent, and contained better distribution mechanisms.

At the same time, the average ransomware demands have increased rapidly to $36,000 in the second quarter of 2019(2). But this number really understates the risk as perpetrators have adopted a more sophisticated pricing model which charges larger organizations much higher ransoms to unlock their data. Riviera Beach, FL, for example, had to pay $600,000 to unlock the city records encrypted by a ransomware gang while Korean hosting company Nayana paid $1m to unlock 3,400 hosted websites(3).

Refusing to pay can cost even more as Norwegian aluminum maker Norsk Hydro learned when they spent $58m in the first half of 2019 to remediate the ransomware attack they experienced in March. The company’s Q1 profit also fell 82% due to production downtime caused by the attack(4).

The implications for security professionals of these trends are clear. The time has come to move from a strictly defensive posture vis-à-vis ransomware to a more offensive strategy focused on finding and fixing vulnerabilities that can be exploited by ransomware.

Sharon Reynolds, CIO, Omnitracs
In addition to an increase in ransomware and business email compromise, in 2020 we will also begin to witness an increase in API extortion. Many businesses offering SaaS and IT solutions have multiple open APIs, which puts them at risk. We now need to profile and identify the baseline normalities to API gateways, so that we can work to detect abnormalities and potential pathways for attackers. As security professionals, we need to continue to lead our companies in increasing our security posture, actively working to become more resilient by putting concrete practices in place as we see APIs start to come under attack.

Sam McLane, chief technology services officer, Arctic Wolf Networks
With the ransomware window possibly closing, hackers will loot organizations like kids attacking piñatas with baseball bats

With more than 600 ransomware attacks plaguing the industry in 2019, organizations will desperately adopt new tools and solutions in an effort to dodge the onslaught. However, adversaries will see the door closing, and a widespread free-for-all will break out before the current round of tools closes. Among the disarray, these hackers will do as much damage as possible in order to hold themselves over until the next backdoor is opened and they can clean out organizations once more.

More specifically, adversaries will place a large target on traditionally weaker environments with a lack of backup and restore procedures. Organizations such as hospitals, nursing homes, extended care facilities and the like will find themselves the victims of targeted attacks, and as long as they keep paying, the attacks will keep coming. With medication, confidential patient data and more at risk, the attacks will remain simple as adversaries will leverage scalable campaigns with seemingly reasonable requests that targeted organizations can justify paying due to the potentially dire implications of going unresolved. 
