In 2021 ransomware was truly brought into the average family’s home. Their weekend BBQ and gas station fill-ups were affected by ransomware. Their nightly news brought talks of Russian hackers and numerous FBI alerts warning of advancing cyberattacks.
Well, get ready, because a new year on the calendar is not going to end the disruptions to business operations. The 2021 attacks were massively successful and profitable, predicting an ugly trend: Ransomware is going to get worse before it gets better.
Based on conversations with hundreds of organizations around the world, and studying millions of client cybersecurity analytics through our data integrity software, here are five unsettling predictions on the path of ransomware in 2022.
- Cybercriminals will get smarter. We saw cybercriminals slip malicious code into a routine software update in the 2020 SolarWinds attack. Cybercriminals will continue to find new, innovative ways to penetrate the data center and circumvent end-point solutions. Their goal: Do as much damage as possible and make it hard and expensive to recover. In October 2021, ZDNet reported a new strain of malware that can encrypt a corporate system in less than three hours. It capitalizes on the new remote workspaces, breaking in through TeamViewer and deploying within 10 minutes.
- Volume of attacks will continue to increase. JBS Meats, Colonial Pipeline, Air India, and CWT Global made massive headlines and drew record-breaking ransoms. Why would cybercriminals stop now? It’s a lucrative business and attracts more hackers into its criminal enterprise. And now, no hacking skills required. Angry employees, disgruntled patients, and anyone with a grudge can command a cyberattack using Ransomware-as-a-Service such as Conti, which already has over 400 attacks linked to it, according to the FBI.
- Attack vectors will get more sophisticated. Cybercriminals are deploying more sophisticated attack vectors and corrupting data in new ways. LockFile ransomware was brought to light this past July, doing something unique in the field of ransomware: “intermittent encryption.” This method evades many standard detection tools, which do not check the integrity inside file content. Other attack vectors also cause significant destruction while avoiding detection. Jigsaw uses encryption combined with progressive deletion, and CrypMIC corrupts files without changing the extension. We will see more attack vectors that corrupt data in sophisticated ways in order to circumvent basic analytics tools.
- Backups will be targeted. Again, cybercriminals are trying to do as much damage as possible to make organizations as desperate as possible and demand as much money as possible. Disabling, erasing, and encrypting backups will hinder any attempts by organizations to recover. Standard data protection leaves organizations’ backups vulnerable and cybercriminals know it. Among those is Conti, which anyone with funds can enlist and which can execute 160 commands. The FBI has already warned that “malicious actors have also added tactics, such as encrypting or deleting system backups—making restoration and recovery more difficult or infeasible for impacted organizations.” In 2022, relying on backups that have not been analyzed to recover from a ransomware attack is no longer a viable strategy.
- Organizational downtime will increase. Average downtime is now 23 days, up by two days in 2021. This will continue to increase, causing considerable disruption to businesses and infrastructure. Forget the ransom – that’s only the beginning. Days and weeks of employee work are gone, orders can’t be processed, labor is delayed, cattle can’t be fed … and if an organization is trading publicly, the damage to its reputation is irreparable.
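The “intermittent encryption” point above turns on whether a check looks inside file content. The following Python is an added example, not code from this article or from any product: on constructed data it compares a single whole-file entropy figure with per-block entropy. The 4096-byte block size, the 7.5 bits/byte threshold and the every-fourth-block pattern are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096  # analysis window in bytes (assumed value)
HIGH = 7.5    # bits/byte treated as "looks encrypted" (assumed threshold)


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan(data: bytes, block: int = BLOCK, high: float = HIGH) -> dict:
    """Compare one whole-file entropy figure with per-block entropies."""
    blocks = [data[i:i + block] for i in range(0, len(data), block)]
    hot = [i for i, b in enumerate(blocks) if entropy(b) >= high]
    whole = entropy(data)
    if not hot:
        verdict = "clean"
    elif len(hot) == len(blocks):
        verdict = "fully-high-entropy"  # encrypted, or merely compressed
    else:
        verdict = "partial"  # mixed content: inspect these block offsets
    return {"whole_file": whole, "whole_file_alert": whole >= high,
            "hot_blocks": hot, "total_blocks": len(blocks), "verdict": verdict}


def keystream(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic pseudo-random bytes standing in for ciphertext."""
    digests = (hashlib.sha256(seed + str(i).encode()).digest() for i in range(n // 32 + 1))
    return b"".join(digests)[:n]


def make_samples():
    """Constructed inputs: plain text, every 4th block replaced, all replaced."""
    line = b"2021-11-03 invoice 4471 approved by accounts payable\n"
    plain = (line * (16 * BLOCK // len(line) + 1))[:16 * BLOCK]
    partial = bytearray(plain)
    for i in range(0, 16, 4):
        partial[i * BLOCK:(i + 1) * BLOCK] = keystream(BLOCK, b"blk%d" % i)
    return plain, bytes(partial), keystream(16 * BLOCK)


if __name__ == "__main__":
    print([scan(s)["verdict"] for s in make_samples()])
```

On the partially replaced sample the whole-file figure stays under the threshold while the per-block pass flags the replaced blocks. Compressed and media files are legitimately high-entropy, so a check like this is compared against a per-file-type baseline rather than used alone.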
We are hoping these predictions are going to be wrong, but it’s doubtful – and we would rather organizations be protected.