Ransomware Trends in 2021 & Predictions for 2022

Jan 24, 2022

Ransomware is one of the most dangerous cybersecurity threats facing organisations globally. Attackers target organisations of any size, so every business should be aware of ransomware and its potential damage. 2021 saw an all-time high in ransomware attacks. SMBs, schools, global supply chains, healthcare providers, government organisations, and MSPs were among those affected. This guide discusses some of the ransomware trends seen in 2021, predictions for 2022, and how to protect your organisation from these crippling attacks.

Ransomware in 2021

2021 saw an all-time high in ransomware attacks. Not surprisingly, it was the most costly and dangerous year on record based on the sheer volume of ransomware attacks. SonicWall reported 500 million attempted ransomware attacks in 2021. According to the 2021 “Verizon Data Breach Investigations Report”, approximately 37 percent of global organisations said they were the victim of some form of ransomware attack in 2021. It is estimated that 30,000 websites were hacked daily in 2021, and that 64% of companies worldwide experienced at least one form of cyberattack (Techjury). Many large, well-known enterprises were targeted in 2021 with ransomware as the primary payload, making major headlines when they were unable to function or were forced to halt production until they recovered. However, it was small to medium businesses that really bore the brunt.

Consequences of Ransomware Attacks

Data loss is a major cybersecurity issue because of ransomware attacks, and cybercriminals know this. Attackers demand money (usually in Bitcoin or another cryptocurrency), and organisations pay the fee in order to gain access to decrypted files and restore data. However, this comes with enormous risk. Once the ransom is paid, there is no guarantee that private keys and data will be provided. Could the organisation face legal action? Will data be returned after the ransom is paid? How will this affect customers? These are just a few of the questions victims of ransomware attacks need to consider. Ransomware is irreversible, so organisations are left unable to operate and stay in production.

However, cybersecurity experts suggest that no organisation should pay the ransom, because paying further encourages attackers to continue making variants and exploiting vulnerabilities. Unfortunately, many organisations have no choice but to pay the ransom and hope to get their sensitive files in return.

2021 saw average ransom fees rise. While there are some staggering numbers for large enterprise companies, the SME marketplace is difficult to measure because not all companies report the impact. Ransom fees are also far from the only cost to victims. The cost of recovery varies from business to business, but the main cost factors include:

  • Downtime
  • People hours
  • Implementing a stronger cybersecurity solution
  • Repeat attacks
  • Higher insurance premiums
  • Legal defence and settlements
  • Loss of reputation
  • Loss of business
  • Brand damage
  • Loss of customers

Ransomware attacks can cause major disruptions to an organisation, so a good and effective security strategy is essential. A DNS filter combined with an email security solution as a multi-layered approach will help organisations in all industries to prevent ransomware attacks.

Ransomware Predictions in 2022

Numerous ransomware attacks made headlines all over the world in 2021. Hacking groups REvil and DarkSide caused destruction to critical infrastructure, as in the Colonial Pipeline attack, which interrupted oil and gas economies. Ransomware is a booming business for malware authors, and experts predict more attacks in 2022. It’s a multibillion-dollar industry, so it’s not surprising that attackers will continue to aggressively deliver ransomware payloads and extort money from their victims. Many ransomware gangs operate much like normal businesses, with teams in marketing, software development, support and media. They are relentless, which is why the trend will continue.

Rise in Ransomware as a Service

UpGuard defines Ransomware-as-a-service (RaaS) as a “subscription-based model that enables affiliates to use already-developed ransomware tools to execute ransomware attacks. Affiliates earn a percentage of each successful ransom payment. RaaS is an adoption of the Software-as-a-Service (SaaS) business model.” Ransomware kits (RaaS kits) are sold on the dark web as a service, just as you would find a typical SaaS offering on sale from a legal provider. RaaS kits provide criminals with the resources to launch a ransomware attack without the need for development knowledge or technical skills. These kits are cheap and subscription-based, and they come with access to forums, support, and future purchase discounts. Because of their support and distribution model, RaaS kits are accessible and easy for cybercriminals to use. As more RaaS kits are deployed, the specific malware author is often difficult to identify. Because clients are not the ones deploying the ransomware, the RaaS model is also difficult to stop and detect. Most RaaS attacks are deployed from a centralised server behind the Tor network, and malware authors lease command-and-control features to customers who can launch an attack with the click of a button. Security experts predict that 2022 will most certainly bring an influx of RaaS.

The Rise of Remote Access Markets

In the coming months of 2022, we predict that another form of ransomware methodology will expand.

Access-as-a-Service

Remote access markets are automated stores that allow threat actors to sell and exchange access credentials to compromised websites and services (Source: Kela 2020). Cybercriminals use remote access markets to reach sensitive data within an organisation and threaten it with ransom demands using RaaS operators. RaaS and remote access markets expand the business of ransomware and could be a growing threat to watch in the coming year. In 2022, we may see a rise in threat actors buying access to organisations and deploying malware into their infrastructure. Because the attacker has access to the organisation, numerous attacks in addition to ransomware could be deployed. For example, it’s not uncommon for attackers to install backdoors and other malware on the network to ensure persistent access to operational infrastructure.

Fight against Ransomware

It is predicted that 2022 will see governments around the world come together to fight ransomware hacker groups. Governments will join forces to protect critical infrastructure and supply chains. This prediction stems from a global meeting held by the US government, intended to bring country leaders together in an effort to tackle the rising ransomware problem. Following the global ransomware summit, law enforcement agencies worldwide amplified their proactive activities against ransomware gangs. Europol and Interpol recently conducted investigations to stop ransomware groups from continuing their operations. One target for Europol and Interpol is REvil, which led many of the biggest ransomware attacks in 2021. Governments coming together to fight ransomware worldwide will have a significant impact on the ransomware landscape in 2022.

Building a Ransomware Defence Strategy

Ransomware attacks are increasing, and attack methodologies are constantly changing and adapting. As more cybersecurity infrastructure is developed and deployed to stop ransomware, malware authors change their code to bypass defences. If your organisation is hit with a ransomware attack, it could have a detrimental effect, making it vital for organisations to implement a ransomware defence strategy before an attack strikes.

Here are the key elements that you should include in your ransomware defence strategy to mitigate risks:

Embrace a zero-trust model

Organisations must introduce a zero-trust model. This means that user accounts should never be trusted and should always be verified whenever data access is requested.

Employee training and security tests

Employee cybersecurity training is extremely important for avoiding the human errors and negligence behind many successful ransomware attacks. Employees are the attack gateway to an organisation, and they must know how to spot a phishing email and a spoofing or impersonation email. Once training is complete, organisations should test employee security awareness with fake phishing emails to identify those who could use improvement and additional education. This can be done by using effective security awareness training software.

Patch frequently

Maintaining a consistent patch management policy reduces the risk of zero-day vulnerabilities and ransomware attacks. It also reduces the risk of an exploit from known security vulnerabilities in outdated software.

Password management

Organisations should always change default passwords and ensure all passwords are complex, with a mix of upper and lowercase letters, special characters, and numbers. A password generator can be helpful for creating a password that cannot be brute forced in dictionary attacks or password sprays. A password manager tool is also recommended to store all passwords.

Use MFA

Although MFA will not entirely stop a ransomware attack, it is an important method of stopping the account compromises used to deploy malicious payloads through legitimate accounts with hacked credentials.

Implement security solutions to block all malware and phishing

The use of cybersecurity solutions to prevent ransomware attacks is crucial. There is a wide variety of technologies available, but all organisations must have: (1) a DNS filtering solution to block malware and email links to malicious websites, and (2) email security to block phishing and spoofed emails and to scan attachments and links within an email message for malicious content.

How can Tech Precision help?

As a trusted MSP, Tech Precision offers affordable security for SME clients. We utilise advanced web filtering that provides protection from both HTTP and HTTPS security threats, as well as advanced DNS filtering control. It blocks malware, phishing, viruses and ransomware, and proactively blocks user access to malicious sites. We also implement email security, which blocks phishing, malware, spam, viruses, and other malicious email threats. Tech Precision provides advanced yet easy-to-use protection tools for your business. Contact us to discuss your needs.
