Ransomware Trends in 2021 & Predictions for 2022

Jan 24, 2022

Ransomware is one of the most dangerous cybersecurity threats facing organisations globally. Attackers focus on any organization of any size, so every business should be aware of ransomware and its potential damage. 2021 saw an all-time high in ransomware attacks. SMBs, schools, global supply chains, healthcare providers, government organisations, and MSPs were among those affected by ransomware attacks. This guide will discuss some of the ransomware trends found in 2021, predictions for 2022, and how to protect your organisation from these crippling attacks.

Ransomware in 2021

2021 was an all-time high of ransomware attacks. Not surprising, 2021 was the most costly and dangerous year on record based on the sheer volume of ransomware attacks. In a SonicWall report, they reported 500 million attempts of ransomware attacks in 2021. According to the 2021 “Verizon Data Breach Investigations Report”, approximately 37 percent of global organisations said they were the victim of some form of ransomware attack in 2021. In 2021, it’s estimated that 30,000 websites were hacked daily, and 64% of companies worldwide experienced at least one form of a cyberattack (Techjury). Many large, popular enterprises were targeted in 2021 with ransomware being a primary payload, making major headlines when these organisations were unable to function or were forced to halt production until they recovered. However, it was the Small to Medium businesses who really took the brunt.

Consequences of Ransomware Attacks

Data loss is a major cybersecurity issue because of ransomware attacks, and cybercriminals know this. By demanding money (usually in Bitcoin or other cryptocurrency), organisations pay the fee in order to gain access to decrypted files and restore data. However, this comes with enormous risk. Once paid, there is no guarantee that private keys and data will be provided. Could the organization face legal action? Will data be returned after the ransom is paid? How will this affect customers? These are just a few of the questions victims of ransomware attacks need to consider. Ransomware is irreversible, so organisations are left unable to be operational and stay in production.  However, cybersecurity experts suggest that no organization should pay the ransom. They suggest that it further encourages attackers to continue making variants and exploiting vulnerabilities. Unfortunately, many organisations have no choice but to pay the ransom and hope for their sensitive files in return. 2021 saw the average ransom fees rise. While there are some staggering numbers for large enterprise companies – the SME marketplace is difficult to measure as not all companies report the impact. However, ransom fees are far from the only costs to victims. The cost of recovery can vary from business to business, but the main factors in costs include:

  • Downtime
  • People hours
  • Implementing a stronger cybersecurity solution
  • Repeat attacks
  • Higher insurance premiums
  • Legal defence and settlements
  • Loss of reputation
  • Loss of business
  • Brand damage
  • Loss of customer

Ransomware attacks can cause major disruptions to an organisation; hence a good and effective security strategy is essential. A DNS Filter combined with an Email Security Solution as a multi-layered approach will help organisations in all industries to prevent ransomware attacks.

Ransomware Predictions in 2022

Numerous ransomware attacks made headlines all over the world in 2021. Hacking groups REvil and DarkSide caused destruction to critical infrastructures, such as the Colonial Pipeline attack that interrupted oil and gas economies. Ransomware is a booming business for malware authors, and experts predict to see more attacks in 2022. It’s a multibillion-dollar industry, so it’s not surprising that attackers will continue to aggressively deliver ransomware payloads and extort money from its victims. Many ransomware gangs operate similarly to normal businesses with teams in marketing, software development, support and media.  They are relentless, which is why the trend will continue.

Rise in Ransomware as a Service

Upguard defines Ransomware-as-a-service (RaaS) as a “subscription-based model that enables affiliates to use already-developed ransomware tools to execute ransomware attacks. Affiliates earn a percentage of each successful ransom payment. RaaS is an adoption of the Software-as-a-Service (SaaS) business model.” Ransomware kits (RaaS kits) are sold on the dark web as a service, just like you’d find a typical SaaS model on sale from a legal provider. RaaS kits provide criminals with the resources to launch a ransomware attack without the need for development knowledge or technical skills. These RaaS kits are cheap, subscription-based, and they come with access to forums, support, and future purchase discounts. Because of their support and distribution model, RaaS kits are accessible and easy to use for cybercriminals. As more RaaS kits are deployed, the specific malware author is often difficult to identify. Because clients are not the ones deploying the ransomware, the RaaS model is also difficult to stop and detect. Most RaaS attacks are deployed from a centralized server behind the Tor network, and malware authors lease command-and-control features to customers who can launch an attack with the click of a button. Security experts predict that 2022 will most certainly bring an influx of RaaS.

The Rise of Remote Access Markets

In the coming months of 2022, we predict that another form of ransomware methodology will expand.


Remote access markets are automated stores that allow threat actors to sell and exchange access credentials to compromised websites and services (Source: Kela 2020). Remote access markets are used by cybercriminals to access sensitive data within an organisation and threaten them with ransom demands using RaaS operators. RaaS and remote access markets expand the business of ransomware and could be a growing threat to watch in the coming year. In 2022, we may see the rise in threat actors buying access to organisations and deploying malware into their infrastructure. Because the attacker has access to the organization, numerous attacks in addition to ransomware could be deployed. For example, it’s not uncommon for attackers to install backdoors and other malware on the network to ensure persistent access to operational infrastructure.

Fight against Ransomware

It is predicted in 2022 will see governments around the world come together to fight ransomware hacker groups. Governments will join forces to protect critical infrastructure and supply chains. This prediction stems from a global meeting held by the US government meant to collaborate with country leaders in an effort to tackle the rising ransomware problem. Following the global ransomware summit, law enforcement agencies worldwide amplified their proactive activities against ransomware gangs. Europol and Interpol recently conducted investigations to stop ransomware groups from continuing their operations. One target for Europol and Interpol is REvil, which led many of the biggest ransomware attacks in 2021. As a result of governments coming together to fight ransomware worldwide, this will have a significant impact on the ransomware landscape in 2022.

Building a Ransomware Defence Strategy

Ransomware attacks are increasing, and attack methodologies are constantly changing and adapting. As more cybersecurity infrastructure is developed and deployed to stop ransomware, malware authors change their code to bypass defences. If your organisation is hit with a ransomware attack, it could have a detrimental effect, making it vital for organisations to implement a ransomware defence strategy before an attack strikes.

Here are key critical elements that you should include in your ransomware defence strategy to mitigate risks:


Embrace a zero-trust model

Organisations must introduce a zero trust model. This means that user accounts should never be trusted and always verified whenever data access is requested.

Employee training and security tests

Employee cyber security training is extremely important to avoid many human errors and negligence behind a successful ransomware attack. Employees are the attack gateway to an organisation, and they must know how to spot a phishing email and a spoofing or impersonation email. Once training is complete, organisations should test employee security awareness training with fake phishing emails to identify those who could use improvement and additional education. This can be done by using effective security awareness training software.

Patch frequently

By maintaining a consistent patch management policy, this will reduce the risk of zero-day vulnerabilities and ransomware attacks. It also reduces risk of an exploit from known security vulnerabilities in outdated software.

Password management

Organisations should change default passwords always and ensure all passwords are complex with a mix of upper and lowercase letters, special characters, and numbers. The use of a password generator can be helpful to create a password that cannot be brute forced in dictionary attacks or password sprays. A password manager tool is also recommended to store all passwords.


Although MFA will not entirely stop a ransomware attack, it is an important method in stopping account compromises used to deploy malicious payloads using legitimate accounts with hacked credentials.

Implement security solutions to block all malware and phishing

The use of cybersecurity solutions to prevent ransomware attacks is crucial. There is a whole variety of technologies available, but all organisations must have: (1) A DNS filtering solution to block malware and email links to malicious websites and (2) Email security to prevent phishing emails, spoofing, scanning of malicious attachments and links within an email message.

How can Tech Precision help?

As a trusted MSP, Tech Precision offers affordable security for SME clients.  We utilise advanced web filtering providing both protection from HTTP and HTTPS security threats as well as advanced DNS filtering control. It blocks malware, phishing, viruses, ransomware and proactively blocks malicious sites from user access. We also implement email Security which blocks phishing, malware, spam, viruses, and other malicious email threats. Tech Precision provides advanced yet easy to use protection tools for your business. Contact us to dicuss your needs.

Case Studies

Case Study – Altro APAC Pty Ltd

Case Study – Altro APAC Pty Ltd

<< BACK TO CASE STUDIESCLIENT PROFILE   Company Altro APAC Pty Ltd Industry Health Care Country Australia/International Employees 26 Website asf.com.au Altro APAC turn to Tech Precision to revamp company infrastructurePart of a 100+ year old family founded...

Case Study – Whiteboards Australia

Case Study – Whiteboards Australia

<< BACK TO CASE STUDIESCLIENT PROFILE   Company Whiteboards Australia Industry Education & Corporate Country Australia Employees NA Website whiteboardsrus.com.au Whiteboards Australia turn to Tech Precision to revamp company infrastructure.Are the premier...

Article Archives

Client testimonials

(We) certainly benefited by having a Health Check

Owner / Director
OH&S Services

Talk to an IT Solutions Expert


Need to talk to an IT Expert? Fill the the enquiry form and one of our experts will get in touch with you shortly. If you prefer to give us a call, we are ready to talk on:


1300 788 738


  • This field is for validation purposes and should be left unchanged.