Skip to content

6 Ransomware Trends All Employees Should Watch For in 2021

Ransomware is an ever-present and worsening problem in today’s society. It’s crucial to stay abreast of related trends, regardless of a person’s role or rank within a company. Here are six ransomware trends to consider sharing with your employees. 

1. Decision-Makers Paying the Ransom and Not Getting Results

Ransomware happens when cybercriminals gain access to files and encrypt them, then demand that the victim pay to get the data back. A recent report from Mimecast indicated that 52% of affected parties paid the amounts. However, only 66% of the entities in that segment recovered the data. Another 34% didn’t get any of it back, even though they paid the ransom.
Understandably, some people under pressure in desperate situations would opt to pay the ransom and hope for the best. However, you can decrypt your files for free with online tools, provided you know what kind of ransomware affected the system. Becoming familiar with those options is a smart thing to do in case you ever need the knowledge later.

2. Ransomware Volume Continues Growing

Unfortunately, with ransomware, you can safeguard a system against a few types and stay in the clear. Hackers regularly develop new, more damaging kinds, trying to always stay ahead of any defensive measures their targets might take.
Cybersecurity researchers at McAfee recorded a 69% increase in new ransomware between the third and fourth quarters of 2020. They also clarified that many of the attacks capitalized on vulnerabilities in work-related apps and processes, such as VPNs and remote management tools.
Read more about the recommendations we have to help mitigate against ransomware attacks in our post below.

3. Cybercriminals Increasingly Use Social Engineering

Online criminals who plan and deploy ransomware attacks use various methods to achieve their aims. They also typically choose targets that enable them to do the most damage, such as hospital networks.
Managed service providers (MSPs) are also commonly hit because criminals can affect all those companies’ clients. One such recent attack caused at least $20 million in losses. Although MSPs are common targets, other business types are at risk, too.
For example, a research paper indicated that social engineering attack rates climbed during the COVID-19 pandemic. The authors expanded their search beyond ransomware to include all internet threats. Still, they noted that the dramatic increase in people working, shopping and otherwise doing more things online likely caused the shift. Plus, some criminal campaigns specifically involved COVID-19-related messages to catch people’s attention.
weekly ransomware attacks chart

4. Cybersecurity Researchers Warn of Triple Extortion

Not long ago, the cybercriminals who caused ransomware attacks only locked victims’ access to their files. They then began more frequently using so-called double-extortion approaches.
In those cases, hackers stole files and threatened to leak the data unless they received payment. Cybersecurity security researchers recently explored a triple extortion tactic, first identified as an issue in October 2020.
Hackers still demand payment from their primary targets, locking down the data and threatening to leak it. However, a new aspect involved the hackers engaging with the people who had their data stolen. The first notable instance of this happened at a 40,000-patient Finnish psychotherapy clinic. Hackers emailed patients directly, saying they’d leak their therapy notes unless the people paid them not to.

5. Ransomware Remediation Costs on the Rise

Another worrisome ransomware trend is that it costs progressively more to fix these issues after they happen. A study showed that the average remediation cost in 2020 was $761,106. However, it’s now an estimated $1.85 million in 2021.
The study also found that fewer respondents reported experiencing data encryption from ransomware since the last edition of the research. However, since the costs to address the problem increased so quickly, the study’s publishers warned that cybersecurity teams should stay alert for complex attacks that are more likely to have higher financial ramifications.

6. Ransomware-as-a-Service Gaining Prominence

An increasing number of “as-a-service” brands cater to individuals and companies that need resources and want to reduce the logistics involved to avail of them.
For example, a manufacturing executive might work with a robots-as-a-service company. They can typically rent an industrial robot for a flat rate that includes installation, maintenance and any other necessities. Cybersecurity researchers are keeping a close watch on a trend where people offer ransomware-as-a-service, usually by marketing themselves on the dark web.
Ransomware groups even hire hackers that share their views and agree to operate within certain parameters. For example, the people who work for a ransomware group might only target particular countries or commit to never attacking specific industries. The groups hiring the hackers usually take a 20%-40% cut of the profits from attacks, with the person working on behalf of those organizations keeping the rest.

Ransomware Remains Concerning

These six trends highlight why ransomware isn’t going away. Criminals continually create new attack methods and think of additional tactics to raise their success rates. These patterns pose challenges for businesses, particularly since attacks can compromise essential data and systems. It can also take days or weeks to resolve them. That often means affected companies operate with restrictions that compromise their profits. It’s even harder to recover if victims opt to pay ransoms.

However, having an awareness of the trends is an excellent way to determine how to conquer ransomware in your organization. From there, consider how you might back up files, perform a cybersecurity audit or familiarize yourself with some of the social engineering tactics that criminals often use. 

Remember that employee training is vital for safeguarding against ransomware. Indeed, a company can follow cybersecurity best practices and still get attacked. However, relatively simple precautions like never interacting with unexpected links or files in an email can help workers play their part in reducing the likelihood of dealing with ransomware.

It’s important to stay on top of cybersecurity before it’s too late. If you’d like to learn how to build a solid Cybersecurity Incident Response Plan, check out our blog post below. To learn more about the health of your business’ cybersecurity, take our free, self-guided IT security risk assessment today.



Guest Writer: Devin Partida

Devin Partida is a data center and networks writer whose work has been featured on AT&T’s cybersecurity blog, Yahoo! and other notable publications. To read more from Devin, please visit, where she is the Editor-in-Chief.


Related Blogs