
Ransomware Threats to Watch for in 2021

Ransomware has become an increasingly virulent threat targeting businesses, government agencies, schools, and even individuals. As ransomware attacks gained greater traction and variety in 2020, so too will they bring about more developments in 2021. A report released Wednesday by BlackBerry highlights several trends to watch for in the year ahead.

For BlackBerry's "2021 Threat Report," researchers and security professionals at the company were asked to offer their cybersecurity predictions for the upcoming year. In response, they advise organizations and users to stay vigilant to the following threats as 2021 progresses.

Ransomware attacks will continue to leverage the double-extortion strategy

A growing tactic among cybercriminals is the double-extortion ransomware attack. In these cases, the attackers demand a ransom not just to decrypt the stolen data but to refrain from releasing it publicly. If the ransom is not paid within a certain time, the criminals vow to publish the data for all to see or reveal it to a possible competitor.

Even if the victimized organization can restore the data from backups, they may still be forced to pay the ransom to prevent the data from being exposed.

Recommendations to protect companies

Though attackers have become increasingly skilled at exploiting vulnerable services and unpatched software, most ransomware breaches still require some type of end-user interaction, said Eric Milam, BlackBerry lead threat researcher. In this regard, ransomware typically executes when a user clicks a link or opens a malicious attachment in an email. As such, Milam offers the following recommendations:

  1. Organizations need to have a strong culture of security to minimize the risk of an attack. Patch efficiency, antivirus software, and simple endpoint administration are no longer enough. You must use security that employs signature-based patterns, behavioral analytics, and machine learning backed by a strong R&D team.
  2. A data leak prevention (DLP) solution is a must to mitigate the risk of sensitive data being exfiltrated and avoid the scenario of a double extortion. You should also protect sensitive data by restricting its access only to people who need it to do their jobs. Remember that the attackers won't hesitate to release sensitive data on underground forums and websites whether or not you pay the ransom.
  3. Ensure that all backups are stored offsite, either physically or in the cloud. Doing so may add an extra layer of security to identify and prevent encryption.
  4. In the event of a ransomware attack, consider using a decryptor to recover your data. Many decryptors are publicly available, free of charge, and work with some of the ransomware families. In some cases, you may also be able to partially restore the files using file recovery software.
  5. Consult with experts who are used to dealing with ransomware situations. You don't want to add insult to injury by paying the ransom and still not getting the data.

And what of the big question: should an organization pay the ransom or not?

"As a matter of principle, the security community doesn't recommend paying cybercriminals, simply because doing so justifies and propels the ransomware business," Milam said.

"However, we do understand that in some of the highly targeted and most damaging attacks (for example, on critical infrastructure or healthcare providers) there might be no other way to recover and preserve human life but to meet the ransom demands," he added. "Since the individual cases and circumstances vary dramatically, there is no golden rule. In any scenario, though, the victims should work closely with law enforcement and do everything possible to help with the investigation."