In the fourth quarter of 2020, we saw, for the first time in the last year, a decline in average ransomware payment by almost $100,000. This decline, however, came at the cost of over two times as many reported ransomware cases as opposed to the fourth quarter of 2019. The cybersecurity industry has been touted by many as unpredictable, and for good reason. Since the only constant in cybersecurity is change, it is a very fast-paced environment. Cybersecurity professionals are always researching, discovering, and eradicating malware from your networks as they continuously work for you and your organization against these threat actors.

Cyberattacks happen anytime, anywhere, and to anyone, so there are several ways to view the reason behind why ransomware activity can be unpredictable. Those in the industry claim the incidents they respond to is what makes ransomware attack activity so unpredictable. For instance, it can be how a particular ransomware group targets a specific industry, but then in the same month they target a different industry.

Another theory as to why ransomware attack activity is unpredictable is the secondary effects of a global crises. The coronavirus pandemic has drastically shaped the world today. As unpredictable as it was on the world last year, it has taught a lesson to all. For the cybersecurity industry, it showed how influential current events are for any organization. During the peak of the coronavirus pandemic, SpearTip saw an increase in Incident Response (IR) cases.

By having most, if not all, workforces at home, it allowed threat groups to easily target and attack environments. Organizations were not ready and/or equipped to handle what it takes to securely work-from-home. Vulnerabilities were exposed and attacked causing business disruption, negative press, or a ruined reputation. Organizations are still in the process of obtaining a strong structure and policy in place. Some lack the necessary resources to do so either in-house or externally.

Most recently, federal agencies have taken down the ransomware infrastructure of numerous threat groups impacting the groups’ ability to compromise organizations. One of the biggest malware botnets in the world, Emotet, was taken down in January along with NetWalker’s data leak site. The cybersecurity market saw a decrease in Incident Response cases from popular ransomware variants Emotet and NetWalker weeks before being publicly reported.

In addition, the industry saw a vast majority of companies being affected by the supply chain attack utilizing SolarWinds. This particular breach’s effects are still being felt, and they will continue to be felt for a long time. This incident was extremely unpredictable given environments were compromised, but most security personnel never noticed being under attack. It has taught everyone the lesson of establishing the mindset to always think your organization isn’t safe and to implement the right policies and procedures to be proactive.

In all, ransomware activity is innately human in nature. Because of this, just like other human behavior, it is constantly being pulled by socioeconomic standards and constantly changing. Over time, threat actors have become more sophisticated and quickly adapt to corporations’ defensive posture, thereby requiring constant vigilance. In response, SpearTip’s threat hunters are continuously watching and monitoring for new activity. Our cybersecurity engineers are always ready for a cyberattack. Our SOC works 24/7/365 and will assist with any issues or concerns regarding your cybersecurity needs.