In 2021, attacks became highly effective and impactful. At the same time, high-volume indiscriminate ransomware threats remained omnipresent throughout the year.
In this post, the Varonis Threat Labs team shares what they observed in the wild while working on ransomware investigations.
Overall, the team identified these five ransomware trends that shaped 2021:
- Ransomware-as-a-Service became the go-to model for attackers. 2021 saw a shift toward the Ransomware-as-a-Service (RaaS) business model, where groups recruit affiliates or partners to conduct specific parts of their operation.
- Attackers crafted bespoke ransomware. In 2021, threat actors bullied targeted organizations with victim-specific ransomware designed to avoid detection and ensure the efficacy of the attack within the victim’s environment.
- Attackers went “big game hunting.” Sophisticated ‘big game hunter’ ransomware groups, both old and new, honed their ability to access victims’ networks worldwide. Cybercriminal groups adopted the now widespread ‘double extortion’ tactic to steal—and threaten to leak—sensitive data.
- Ransomware sent shockwaves through the software supply chain. Numerous high-profile incidents targeting high-worth organizations via software supply chains during 2021 demonstrate the impact that ransomware can have on an organization—and, in some cases, led to ‘real-world’ outcomes sending shockwaves across the broader economy.
- Attackers bought and sold off-the-shelf commodity malware. Commodity malware continued to be widely adopted by threat actors of varying sophistication—from organized cybercriminal gangs delivering payloads to gain initial access to high-value targets to script kiddies using simple off-the-shelf threats to steal credentials for resale on the dark web.