New Ransomware Trends You Should Know in 2021

All your files have been encrypted!

That’s how cybercriminals notify you of a ransomware attack on your computer. They further ask you to pay the ransom amount to recover your files, which hardly happens in real life.

Ransomware locks all your files and renders your system useless. Many people pay the cybercriminals in the hope of recovering the data. However, the unethical group hardly ever provides you with the decryption key. Thus, causing data and financial loss at the same time.

Luckily, several antimalware programs can stop such attacks in real-time. In this article, we will look at some ransomware trends of 2021 and how dangerous they are.

So, without any further ado, let’s begin.

The Scale of Ransomware Threat

Ransomware has become one of the most troubling threats in 2021. There are two main reasons for it to happen.

For instance, at the beginning of this year, a cybercriminal group collected 190 Bitcoins from a single ransomware program. They ran several attacks targeted at multiple devices using the same ransomware program. The amount they gathered through ransom is roughly equal to 12 million USD at the current conversion rate.

As more hackers come to know about such stats, there is a high chance that these attacks will grow in number. Here are some key takeaways for the year 2020 from Sophos’ annual ransomware survey.

  • 51% of companies mentioned a successful ransom attack on their server.
  • 26% of companies paid the asked ransom amount.
  • Companies recovered only 65% of total data on average.
  • Criminals asked for $180,000 from big companies.
  • Criminals asked for $6000 from small businesses.
  • The initial investment for a ransomware attack can be as little as $50.
  • A new ransomware attack is attempted every 11 seconds.


Why is Ransomware Trending?

Although the number of successful ransomware attacks is declining because companies take security measures, the number of attempts has significantly increased.

One of the primary reasons for the hike in ransomware attacks is the decline in other cybercrimes. For instance, an APT group that targets a financial enterprise is finding it challenging to operate due to a lack of money mules.

The APT group requires dedicated members and imposters in a company to operate. Remote work has made it harder for such gangs to execute their nefarious operations. Therefore, they rely on the next best method to fetch money from big enterprises, i.e., through ransomware.

Another advantage for cybercriminals while using a ransomware attack is data collection. If a company denies paying the ransom amount, criminals sell their data on the darknet.

One more noteworthy ransomware trend is the decline in targeting home users. The effectiveness of a successful ransomware attack is directly proportional to how much profit cybercriminals can make.

The primary channel of spreading ransomware to home users is through email. As the younger generation has shifted to instant messaging, opening spam emails is a thing of the past. Awareness about spam mails has also played a significant role in this area.

Moreover, many users have shifted from desktop to mobile devices, which is evident from the drop and hike in sales for desktop and smartphones, respectively.

Besides, most of us have our essential documents and photos backed up on a cloud server. It significantly brings down the necessity to pay for recovering your data.

On the other hand, all sorts of companies have become the likely target for cybercriminals. For once, they have more money to pay as a ransom. Secondly, they have their reputation to protect. If a company denies paying the ransom and their user data is leaked, they will surely see a drop in userbase.

Factors Contributing to Ransomware Attacks

Let us look at some direct and indirect factors that are contributing to the trending ransomware attacks.

Maze Ransomware

One of the most prominent ransomware families is Maze ransomware. The developers behind this one have set the bar too high for ransomware in general. The group has pledged not to attack any medical institution or companies affected by the economic crisis.

Instead, they target the capitalist class creating a Robinhood image among their cult. Maze groups have also interacted with media repeatedly to boost their reputation.

Maze is a pioneer in creating a cartel of cybercriminals. They share their programs, tactics, and information of compromised companies to retarget them. They use phishing emails, exploit kits, or use system vulnerabilities to execute an attack.

Some other famous ransomware families are Jigsaw, Dharma, Ryuk, and Sodinokibi.


Remote Access Trojan

Phishing emails have been the primary distribution channel for cybercriminals. However, there is an increase in the number of attacks using RAT programs.

A trojan is an app that infiltrates a system disguised as harmless software. Later, it sideloads other malware on the system. RATs are not a very popular subject because their presence is hardly noticeable. It might often happen that a trojan brought ransomware to your system, and you never realize the entry point.

Trojans can also cause harm by collecting user data, keystrokes, behavior, app usage, and more. Therefore, it is one of the most dangerous malware hiding in plain sight.

Mode RAT programs can have multiple modules to execute countless tasks. Moreover, a modular architecture helps developers create a copy as per their requirements in a particular project.

Since cybercriminals can access RAT programs remotely, it is often challenging to target them, making it one of the go-to options for unethical tasks.


Remote Desktop Protocol

The pandemic has forced us to shift towards remote working to keep the world going. It has undoubtedly helped video conference platforms like Zoom. It has also created new use cases for Microsoft’s Remote Desktop Protocol.

RDP is a Windows tool that allows users to connect to a remote computer on a connected network. Something similar to the third-party software Anydesk, but built-in. Due to its simplicity and usability majority of the companies have started using it.

The increased number of users on the RDP platform has also attracted cybercriminals. There have been multiple exposures on RDP, among which BlueKeep vulnerability is widespread., a dedicated search engine for internet-connected devices, raised caution for around 4 million systems on the internet with an open RDP port.

Cybercriminals can scan and exploit such devices, which they have done repeatedly this year. Cybercriminals have also exploited SMB and POP3 to steal confidential information. Cisco revealed that 1/3rd of their company faces RDP-related issues every month.

Working from Home

More than half of companies had to transfer 50-100% of their employees for remote work in the pandemic. Cybercriminals quickly sensed this opportunity and actively took part in creating fake websites.

There was a hike in domain names containing “Coronavirus” and “COVID” in the URL. Unethical developers created websites with similar domain structures and presented COVID-related news on their websites. Further, they use this opportunity to distribute ransomware and other malware programs to user computers.

Stealing Passwords

Cybercriminals tend to steal user passwords for entering the system. It is the second most used criminal activity by ransomware gangs after phishing.

Usually, legitimate accounts help cybercriminals go undetected while doing their notorious tasks. Unlike Trojans or exploiting vulnerabilities, a mole is hard to detect using traditional security programs. Only a well-devised behavior analysis program can help you discover an intruder in your system.

Login ids and passwords are usually stored in a browser’s cached information or another similar place. Ransomware gangs use special tools to collect this data. One such program is named Mimikatz. Developers initially used it for penetration testing to detect and solve vulnerability issues. However, the tool became popular underground, and attackers are using it to steal user information.

Attack on Medical Institutions

Many ransomware gangs boldly claim that they do not attack a healthcare institution. However, we have seen an increased rate of medical field exploits in the last year.

Cybercriminals are interested in big hospitals, medium-sized clinics, and government records dealing with medical information.

Firstly, the information can provide sensitive details about the patients. They can then target those individuals.

Secondly, pharma industries are known to pay the ransom quicker than any other industry. The inconvenience raised by equipment failure leads to life or death situations.


There have been increased ransomware attacks in the year 2021. I expect the number to rise in the following months due to the complete digitalization process worldwide. Meanwhile, cybercriminals are getting smarter, and it will be challenging to tackle them with older technologies. In the end, it is best to practice cybersecurity practices to keep your organization safe.