Ransomware is one of the fastest-growing threats in cybersecurity, with global damages predicted to reach £15 billion by 2021, up from £262m in 2015. Attackers will target companies under pressure from the post-pandemic economic recession, because those companies are more likely to cave to ransom demands. Conventional attacks work by denying an organisation access to its own data until it pays a ransom.

The developers of Maze ransomware, for example, have begun taking copies of data and threatening to release it publicly. Others, such as REvil, threaten to delete it entirely.

The business of ransomware is also changing. We are seeing actors ramping up demands – in some cases, seeking payment of one sum in five days, but then demanding more every few days after. Some groups charge an organisation to unlock access to its data, but also go on to sell data they have harvested, giving them a revenue “double dip”.

In 2021, we will see a growing trend away from a “spray and pray” approach to ransomware attacks and towards attacks known as “big-game hunting”. This is where attackers focus their efforts on victims that can yield a greater financial pay-off.

There will be bold cyber strikes on wealthy organisations by major e-crime organisations (known as “SPIDERS”). These include INDRIK SPIDER, which runs Dridex, and WIZARD SPIDER, the Russian-based operator behind the TrickBot banking malware and Ryuk.

Organisations will become more vulnerable to attacks because many of their employees will be using home internet connections, many of which are far less protected than corporate networks. This will increase the chances of actors gaining entry to an organisation’s systems, but it also raises questions of liability. In 2021, we will all have to agree that “everything this side of the firewall is the business’ responsibility”.

2021 will be a boom time for ransomware attackers. Solutions such as cloud-delivered, AI-driven security that can react in real time will help us defend ourselves against them. But all enterprises will also have to look hard at their cybersecurity measures and understand that “good-enough security” isn’t good enough at all.