Dubbed Ransomware 2.0, this form of extortion gives attackers more leverage over their victims: if organizations first refuse to pay a ransom to decrypt their data, attackers threaten to leak the stolen information, increasing pressure on victims to pay.
This evolution, referred to as Ransomware 2.0 in the report, was a significant development in 2020. Only one ransomware group used this type of extortion in 2019. By the end of 2020, 15 different ransomware families had adopted this approach. More than 40 percent of ransomware families discovered in 2020, as well as several older families, stole data from victims by the end of last year.
F-Secure's Tactical Defense Unit Senior Manager Calvin Gan said that organizations with reliable backups and effective restoration procedures are in a solid position to recover from a ransomware attack without having to pay.
"However, managing a potential data leak is a dramatically different challenge, especially for organizations that possess confidential information. Ransomware actors, current and future, will likely feel encouraged to try new things and jump on vulnerabilities faster, which we already see with the recent MS Exchange vulnerabilities."
The report also noted:
- Attackers' use of Excel formulas – a default feature that cannot be blocked – to obfuscate malicious code tripled in the second half of 2020.
- Outlook was the most popular brand spoofed in phishing emails, followed by Facebook Inc. and Office365.
- Nearly three-quarters of domains used to host phishing pages were web hosting services.
- Email accounted for over half of all malware infection attempts in 2020, making it the most common method of spreading malware in cyber attacks.
- Malware that automatically collects data and information from victims (infostealers) continues to be a threat; the two most prevalent malware families in the latter half of 2020 were both infostealers (Lokibot and Formbook).
- 61 percent of vulnerabilities found in corporate networks were disclosed in or before 2016, making them at least five years old.
Gan said: "Entities across industries and borders also need to work together to tackle security challenges further up the supply chain. Advanced persistent threat groups are clearly ready and willing to compromise hundreds of organizations through this approach, and we should work together to counter them."