A Ransomware Outlook for 2022

Ransomware continued to be a thorn in the side of businesses and governments through 2021, with statistics from the 12-month period outlining just how serious and rampant the challenge has become.

The average ransom demand globally rose to $220,298 last year – up 43% on 2020. Further, the average recovery cost resulting from recovery expenses, ransomware removal and opportunity cost is now said to be as much as $1.85m

CrowdStrike’s annual Global Security Attitude Survey meanwhile revealed similar upward trends, stating that the average ransom payment increased from $1.10m in 2020 to $1.79m in 2021 – an increase of 63%.

Further, the report also shows that two-thirds (66%) of respondent organizations suffered at least one ransomware attack for the year, again up on the 56% that reported an attack in 2020. 

However, to say these figures weren’t in line with expectations would be false.

Year after year, threat actors have ramped up their ransomware activities. Yet the past two years have seen attacks become both more sophisticated and bolder, with recent attacks resulting in devastating consequences.

Critical infrastructure was targeted more readily through 2021, the Colonial Pipeline attack in the United States standing as a prime example. Here, the infrastructure system responsible for approximately half of the US East Coast’s fuel supply was forced to grind to a halt as hackers successfully disabled its billing systems, only unlocking them after a $4m ransom payment was made.

Shockingly, one ransomware attack on a hospital in Dusseldorf, Germany, was linked to the death of a woman in 2021 after she was diverted to another city to be treated. 

The year also saw cyber-attacks make a record $70m ransom demand from remote management software specialist Kaseya, the company having been affected by a zero-day exploitation that went on to impact 1500 businesses – a supply chain attack rivaling that of the infamous SolarWinds incident of 2020. 

In every sense, ransomware attacks reached new heights in 2021 – a trend that we don’t expect to slow down anytime soon in 2022. 

Threat actors continue to find new ways of infiltrating systems, exacerbating attacks and pressuring victims as they grow bolder, their confidence underpinned by a series of ever more advanced technologies and techniques. 

"Year after year, threat actors have ramped up their ransomware activities"

The current landscape is also providing fertile grounds for threat actors to thrive. 

Since the pandemic has normalized remote and hybrid working models, companies are continuing to expand their digital footprints to operate as successfully as possible in the new normal. Yet as the proliferation of cloud and digital transformation continues to ramp up, we can expect a greater volume of ransomware attacks – be it those exploiting the vulnerabilities in misconfigured cloud applications or more typical phishing via email attachments and links.

Indeed, as we saw ransomware threats worsen in 2021, the same is almost inevitable for 2022. Therefore, companies must work to bolster their security posture and better protect themselves in the event of such an attack. 

This should involve placing greater emphasis on business continuity and disaster recovery – solutions in this domain can be critical in reducing the potential impact of a ransomware attack that, as we have already discussed, cost $1.79m on average in 2021.

Firms should also monitor and respond to the latest threats. Where supply chain attacks have been shown to be incredibly damaging, the risks associated with third-party connectivity and integration should be considered to manage or minimize the attack surface, for example. 

Today, the challenge is that much of the drive for critical security enhancements such as these lies with firms themselves. Yet, there is the potential for this to change in 2022 and beyond. 

According to a recent Menlo Security poll, 55% of respondents believe that the responsibility for their protection should fall firmly at the feet of the government – a sentiment that is beginning to gain greater traction. 

In the APAC region, mandatory reporting procedures on ransomware have recently been introduced, and we expect further government action to be introduced globally moving forward, from greater guidance to new regulations. 

Further, we see key parties working together more closely in combatting cybercrime during the coming year after the success of recent initiatives such as DMARC – an email authentication protocol designed to give email domain owners the ability to protect their domain from unauthorized use that was introduced off the back of collaboration between PayPal, Google, Microsoft and Yahoo!. 

Be it public, private or public-private partnerships, such cooperation will be vital in combatting both ransomware and other modern cyber-threats more effectively moving through 2022 and beyond. 

What’s Hot on Infosecurity Magazine?