Ransomware Forecast for 2022

Ransomware Forecast for 2022

January 26, 2022

We are in the midst of a ransomware crisis, with the epidemic intensifying as we start 2022.

Ransomware will not only remain prevalent, but become increasingly modular and service based, according to the Sophos 2022 Threat Report. As a result, ransomware will pull other cyberthreats into its business model, like a “black hole,” creating a massive, interconnected delivery system for unloading ransomware onto victims worldwide.

Here are a couple of trends need to be kept top of mind:

Ransomware-as-a-Service Will Become More Prevalent

Over the last two years we’ve watched a growing “ransomware-as-a-service” (RaaS) trend, wherein malware developers create ransomware packages and lease them to attackers to do the actual dirty work. This makes it more difficult to determine who is behind an attack since ransomware is sold to multiple affiliates, and different attack groups deploy similar tactics, techniques, and procedures (TTPs) in their attacks. It also means ransomware is becoming more streamlined and profitable for those creating the code, with this new approach requiring less effort end-to-end.

In 2021, RaaS attacks grew more popular than those executed by single ransomware groups. Some of the biggest ransomware attacks of the year, like the Colonial Pipeline breach, were executed by RaaS-enabled groups.

In 2022, the RaaS business model will become even more prevalent. We are already seeing RaaS gangs innovate new ways to break into progressively more well-defended networks, and we expect to see them continue to down this path in the year to come.

Extortion-Style Ransomware Will Becoming More Severe

An independent survey commissioned around the state of ransomware in 2021 found that while extortion-only ransomware made up a relatively small amount of overall ransomware attacks, it was quickly on the rise – more than doubling from 3% of all attacks the previous year to 7%. Expect this to get worse in 2022.

The tactic is simple. The attacker steals and copies the data and threatens to release it publicly or auction it on the dark web unless a ransom is paid. Rather than locking data up so that organizations can’t access it, attackers threaten to put it all into the public. For some, this is mortifying, for others in industries like healthcare for example, this can put their business at risk for breaches of regulation.

These tactics are picking up traction, and based on their past success, we expect them to be leveraged more often in 2022.

Special thanks to our security partner, Sophos, for providing information for this article.

Tracy Hardin

Tracy Hardin

Tracy Hardin is President and founder of Next Century Technologies in Lexington, KY. She has a bachelor's degree in computer science from the University of Kentucky and has earned certifications from Novell, Cisco and CompTIA. Her specialties in the field of IT are network design and security, project management and improving productivity through technology. She loves helping people by sharing her knowledge of tech.