Will 2021 Be the Year of Ransomware?
 

Ransomware is everywhere, affecting organizations large and small, whether businesses, governments or nonprofits — even healthcare groups in the midst of treating a pandemic. To see its impact, all you have to do is drive down a highway in Massachusetts. There, you’ll be greeted with flashing signs announcing that state vehicle inspections have been suspended because of a ransomware attack. Indeed, it's increasingly looking like 2021 will be the year of ransomware.

This dramatic rise of ransomware is driven home in Mimecast’s State of Email Security 2021 (SOES) report covering email-borne threats: Six out of 10 companies surveyed said that their organization was disrupted by ransomware at some point over the past year.

Elsewhere, it has been predicted that by the end of 2021 there will be a ransomware attack on a business every 11 seconds[1] — and that’s a pre-pandemic projection, before cyberthreats of all kinds began rising in the double digits. Fortunately, according to the Mimecast SOES survey, companies are responding with plans to step up security measures.

Email Becomes a Bigger Target

With pandemic shutdowns and remote working all but eliminating water cooler meetings, companies now depend more than ever on email as the principal medium of business communications.

In fact, 81% of respondents to Mimecast's email security report said that the volume of email at their organization had increased over the past year. According to Mimecast's The Year of Social Distancing report, last year also saw a 60% increase in the use of company-issued computers for personal business. These new realities have created an attractive target for criminals looking to leverage social engineering attacks. So it shouldn't be surprising that there was a 64% rise in the overall cyberthreat volume in 2020 compared to 2019, according to the Mimecast Threat Center.

Companies also recognize the threat. More than two-thirds (70%) of respondents in the SOES report say it is likely that an email-borne attack will damage their company sometime in 2021. One of the top threats? Ransomware. Already, the number of companies reporting disruptions due to ransomware grew roughly 20% in the past year.

Ransomware: Time and Money

Ransomware attacks cost companies time and money. Companies affected by ransomware in the SOES survey noted that they experienced an average of six days of downtime as a result, up from three days in the previous year. More than a third of them (37%) were down for a week or more.

And no target is too small. Consider, for example, that in April, schools in Haverhill, Massachusetts, were closed after their computer systems were hit with a ransomware attack. The shutdown, which also affected remote learning, only added to the trying times for students, educators and parents during the pandemic.

Of course, time is money and that means ransomware can cost a company dearly. It has been estimated that this year, ransomware will cost businesses $20 billion. And criminals are getting bolder every day, with one cybercrime group known as REvil reportedly demanding a $50 million payoff recently for a ransomware attack on a major computer maker.

Ransomware Affects You — and Your Business Partners

A single ransomware attack can also have a ripple effect across multiple businesses. The Massachusetts DMV disruption, for example, was due to a ransomware attack on a Wisconsin-based emissions testing provider, which in turn led to the suspension of state inspections in a total of eight states.

Likewise, last year's break-in at a cloud computing company serving nonprofit, educational and healthcare groups exposed dozens of partners and millions of patients to subsequent attacks when the cybercriminals kept stolen data — despite being paid a ransom.[2] This outcome is not unusual; the SOES reported that while half of attacked businesses felt compelled to pay the ransom, only two out of three of them recovered their data. The other third never saw their data again.

Still, companies can at least improve their odds in the battle against ransomware. In the SOES report, companies with a cyber resilience strategy uniting their people, processes and technology under clear security policies were less likely to have been negatively affected by ransomware than those without a strategy (53% to 68%).

The Bottom Line

The increased digitization of the workplace and growing reliance on email create an environment that is ripe for ransomware attacks. Mimecast’s 2021 SOES demonstrates how these attacks are growing in number and severity — and how companies that have a cyber resilience strategy can have better luck in fending them off.

[1] “Global Ransomware Damage Costs Predicted to Reach $20 Billion by 2021,” Cybercrime Magazine

[2] “The 10 Biggest Healthcare Data Breaches of 2020,” Health IT Security