What’s next for ransomware in 2021?

2020 Was a Bad Year for Ransomware. 2021 Will Be Worse.

As we start the new year, many are eager for a fresh start, hopeful for better times; but in the area of cybersecurity and of ransomware in particular, 2021 is unfortunately shaping up to be a far worse year.

Ransomware—a form of malware that prevents a computer system from being used or its data from being retrieved, but with an offer to restore access if the attackers are paid—has proved to be a lucrative criminal pursuit. Industry research assesses that ransom payment amounts continue to climb, reaching an average of $233,817 as of late last year. But the cumulative costs of damage resulting from ransomware attacks are far worse, almost doubling last year from an estimated $11.5 billion in 2019 to $20 billion in 2020.

Looking ahead to 2021, here are three key trends for which businesses should be prepared.

Ransomware will mature

Historically, attackers would often lock up data and systems within seconds of gaining access. Moving forward, experts are expecting to see the growth of a more sophisticated approach, where attackers access a network and first exfiltrate the data so they can not only encrypt it, but also threaten to leak it or sell it if the ransom isn’t paid.

This evolution from a ransom model to an extortion model carries even deeper risks of a cascade into more complex attacks.

Shift to a ransomware-as-a-service model

As expert attackers attempt to avoid the risk of monetizing their skill sets by conducting ransomware attacks of their own volition, they will offer their implants, tools, and system credentials on the underground market. Over time, this proliferation of plug-and-play tools is likely to dramatically expand the universe of criminal elements using ransomware, leaving less-sophisticated defenders more and more exposed.

Technical capabilities of criminal ransomware attacks to reach new heights

As cyber tools and concepts have migrated from the level of nation states, ransomware has already begun to evolve from blind, automated forget-and-fire attacks to a more tailored approach customized at specific targets. This technical evolution will also include more advanced anti-detection techniques—some of which, such as the ability to access and manipulate data without leaving a timestamped digital trail, we are already seeing.

These three expected evolutions in the ransomware threat need to be a critical concern for every business, but they must be of special relevance for organizations in two verticals.


There has already been a substantial rise in ransomware since the onset of COVID-19, and the financial success of those attacks will only cause their pace to accelerate in 2021.

Operating in a highly regulated and sensitive industry, healthcare companies are especially vulnerable to the evolution into extortion, data manipulation, and disinformation. But as hackers get closer to where care is delivered, the greater the probability of seeing ransomware attacks occur, since attackers know the potential for loss of life hangs in the balance. They can prey on emotions and know that time is of the essence for administrators to decide whether to pay or not to pay.

Small- and medium-sized business

While many SMBs undoubtably planned to invest in making their systems more secure in 2020, the COVID-19 crisis simply wasn’t in the budget. With the economic outlook into 2021 still uncertain, companies are continuing to be forced to make difficult budget decisions, and far too many are choosing to de-prioritize strengthening their cyber defenses.

This failure doesn’t rest only on the shoulders of business leaders, who after all, are in their roles precisely because they must often choose between difficult tradeoffs. There has also been a failure by the cybersecurity industry to offer commoditized, widely available endpoint solutions that are easy to access and use within commonly used operating systems. For companies with limited resources, ransomware is likely to continue being an issue until this gap in the market for a more cost-effective solution is addressed.

Smart business leaders have started the new year by making a resolution to ensure they are doing everything they possibly can to protect themselves from the accelerating pace of ransomware attacks. As all signs indicate a growth in both the number and severity of attacks, those who don’t prepare are likely to find themselves looking back on 2020 more fondly than they ever would have imagined.

Follow Plow Networks: Twitter, LinkedIn, Facebook, and Instagram

About Plow Networks

Headquartered in Brentwood, Tennessee in 2012, the founders of Plow Networks came together over a shared vision of offering businesses a unique and best-in-class experience by providing them with a single partner for all of their technology needs.

Businesses are looking for simplicity and a partner they can trust. Plow Networks gives its clients confidence and peace of mind by analyzing their business needs and recommending solutions that Plow Networks can architect, implement, support, and operate; so businesses can focus on growing and achieving their goals. As a result, Plow Networks is now a leading Total Service Provider (TSP) in the IT industry.


Plow Networks
(615) 224-8735

Scroll to Top