January 7, 2020

Cybersecurity Trends in 2020: Ransomware

Written by

Don’t miss the rest of the articles in our Cybersecurity Trends in 2020 series:


The ransomware landscape for 2019 was full of mixed news. For example,

  • According to a McAfee report, ransomware attacks grew by 118 percent in the first quarter of 2019.
  • On a positive note, a report by SonicWall showed that there were 151.9 million ransomware attacks in the first three quarters of 2019. This marked a 5 percent decrease from 2018.
  • Security provider Emisoft reported that 2019 in the US saw a significant rise in attacks on public sector organizations including local municipalities, schools, and hospitals.

What does this mean? According to the experts we spoke with, the cyber criminals who use ransomware can adapt faster to changing security while targeting those least equipped to combat their attacks. We asked cybersecurity experts to weigh in on what ransomware will look like in 2020 and what companies and organizations can do to prepare. These are the cybersecurity trends for ransomware in 2020.

The nature of the ransomware threat in 2019

The ransomware market is both lucrative and endlessly adaptable to the changing defenses of cybersecurity software. John Ford, CISO at ConnectWise explains how easy it is for cyber criminals to adapt their tactics to outsmart current software trends.

John Ford Cybersecurity expert John Ford, CISO at ConnectWise

“Ransomware is as close to a perfect economy as one could enter, other than the fact that it is an illegal underground market,” Ford says. He reports a significant increase in the availability of malicious code on the black market.

Cyber criminals have made this code more affordable and easier to use. The sellers “provide full tech support in teaching the attacker how to execute an attack. This code is then further modified by the purchaser. This last action makes certain that security products that may have seen and prevented the original code will likely fail to do the same with the modified version.”

With increased access to affordable code and better support, the criminals have essentially produced a ransomware as a service model, which Ford predicts will result in an increase in attacks over the course of 2020.

Liron Barak, co-founder and CEO of BitDam, echoes the sentiment that ransomware threats evolve faster than security software can detect them, which gives attackers a significant head start against security teams.

Barak said, “As we see it, the cycles of those attacks are happening, on average, every other week. The attackers develop a new sample base that contains a new obfuscation technique or a new evasion technique, and they are off and running. Attackers create permutations of those samples and distribute them. Until security vendors are able to react to this ongoing threat, the attackers will keep developing a new base for the samples.”

Perhaps more worrying to the general public than the threat to corporate data is the threat to public systems. Some criminals target public and private organizations at both the federal and local levels that rely on personal data but have traditionally implemented poor security.

Joe Pettit, director at Bora Cyber Security Marketing Agency, explains, “During 2019, there has been an emphasis by cyber criminals to target schools, hospitals and other areas of society that are perceived as vulnerable and where the data is critical to daily operations. Most of these organizations don’t have the resources to make sure they are prepared to tackle a ransomware attack, and unfortunately (against the advice of the FBI) have to pay to get their data back.”

Pettit says that when organizations pay ransoms, this incentivizes other criminals to carry out similar attacks. That creates the marketplace where the rewards of committing the crime greatly outweigh the punishments.

Ransomware threat landscape in 2020

The start of the new decade will likely bring several currently-unknown threats, but the current known trends to watch are advanced persistent threat (APT) and personalized or targeted attacks designed to break down, bypass, or subvert current safeguards.

Criminals will invest in a long-term approach known as APT that keeps them in close contact with a target network. They will employ APT to systematically destroy safeguards like persistent backup to the cloud. Michael Soepnel, chief security officer of OSIbeyond, points out that “The ongoing migration of data to cloud-based storage platforms where recovery capabilities are built-in also limits the effectiveness of traditional ransomware. In response, we are seeing a more personalized and targeted approach by criminals to organizations of all sizes.”

Michael Soepnel cybersecurity expert Michael Soepnel, CSO of OSIbeyond

An APT seeks to learn the system and its safeguards, so the criminals can ransom files and “maintain a persistent presence on an organization’s network and use it to destroy backups, gain access to and compromise cloud-based storage and also interfere with recovery efforts,” Soepnel concludes.

While companies do more to protect their data and train their employees to identify and react to ransomware attacks, criminals also continue to evolve. Experts agree that attacks will become more targeted, sophisticated, and tougher to detect. Laurence Pitt, Cybersecurity Marketing and Strategy Director at Juniper Networks, predicts that we “will see more multi-layered spear-phishing where multiple targets inside a business are used to gather information and gain access. The delivery mechanisms will also be more complicated, perhaps only ransoming very specific data or even critical portions of data.”

Michael Gorelik, Chief Technology Officer at Morphisec, reports that in 2020, malware and ransomware tools that “bypass behavior-based solutions, static-based scanning solutions, and whitelisting-based solutions” will become harder to detect. “For example, in February of 2019, Morphisec lab researchers found attackers using Cobalt Strike—in tandem with malicious malware payloads—to target POS, hijack systems, execute code, harvest credentials, and circumnavigate EDR scanning. These malware attacks are only going to become more sophisticated and common.”

How companies and organizations should defend against ransomware in 2020

So, if 2020’s threats will become more complicated and harder to detect, how should organizations prepare themselves? The experts we spoke to say that companies and organizations must modernize their infrastructures and get a jump on the attackers before they become victims. In addition, they have to think about recovery systems, because even the best-protected systems will fall prey to attackers eventually.

And because attacks are growing more specialized, attackers won’t limit themselves to the traditional high-value targets like financial organizations. In today’s digitized marketplace, nearly every company and organization stores and processes personal identifying information (PII), and that data has value on the black market.

Alan Conboy, CTO at Scale Computing, points to the increased media coverage of criminal ransoming banks and hospitals along with non-traditional targets like local governments and airlines as an indicator of the movement in the ransomware market.

Alan Conboy cybersecurity expert Alan Conboy, CTO at Scale Computing

He says that the increased targeting of smaller organizations means that all organizations should pay attention to their security profile. Failure to do so could prove disastrous. Conboy says, “businesses must realize that traditional legacy tools not only slow their digital journey down, but leaves them vulnerable to tactical and well-organized criminals. We will see organizations taking advantage of highly-available solutions, such as hyperconvergence and edge computing, that allow them to not only keep up with changing consumer demands, but deploy the most effective cyber defences, disaster recovery, and backup.”

Conboy also predicts that the rise in business-related costs of insurance and IT reactions to ransomware will become the biggest problem for small or poorly-defended organizations. “Insurance companies will begin to take an active role, not just in the recovery of data, but in the decision-making when it comes to whether or not to pay the ransom demand. The overall cost of doing business will rise in conjunction with the growing threat of cyber attacks, and every business should be bracing themselves for the impact,” Conboy says.

In addition to understanding the nature of the threat and preparing for potential financial implications, Joe Pettit suggests companies prepare and fight back in these ways:

  • “Educate staff on what Ransomware is and how attacks can enter an organization
  • Ensure you back-up your data on a regular basis
  • Test that you have the ability to recover quickly before an actual ransomware attack occurs.”

At a strategic level, organizations will need to plan to consult with outside experts for an informed and comprehensive defense. Mike Satter, President at OceanTech, says that while companies tend to provide adequate support after an attack, guidance can improve prevention strategies.

Satter says, “Outside help tends to be the strongest option because employees below the CIO/CISO might be apprehensive about telling the tech boss they’re wrong. On the flipside, outside experts will be more likely to poke holes into a loose and/or incomprehensive strategy.” He suggests using “a combination approach of inside and outside experts to execute the most secure cyber threat game plan.”

Ransomware beyond 2020

Understanding the ransomware threat for 2020 is a start, but companies who hope to reduce their risk of attack while increasing their use of data for customer-driven use cases need to prepare in multiple ways. Internal training, external consulting, and a trusted software defense will improve an organization’s chances of thwarting ransomware attacks.

TechnologyAdvice helps companies and organizations find the right cybersecurity software for their defense needs every day. We can match your budget and requirements with a list of vendors and take hours off your research process. Use the Product Selection Tool on the security software page to get started.