How ransomware will evolve in 2022

In 2016, the year before WannaCry and NotPetya, 9% of organisations were hit by ransomware. Last year, 29% reported being hit (https://datahealthcheck.databarracks.com/2021/). We expect 2022 to be the year that cyber overtakes human error and hardware failure as the top cause of data loss.

More sophisticated attacks

Ransomware has been getting more specific and more sophisticated. Rather than blasting thousands of organisations for a ransom of $500, the attacks are targeted and demands are for millions of dollars.

We still talk about “ransomware” as the issue but in fact, attacks now are more like cyber extortion, that include ransomware.

Ransomware is one part of the attack, paralysing the systems, but they’re now combined with  ‘double extortion’ attacks, threatening to leak sensitive data too. In some cases, that is the more significant part of the attack. Initially attackers would threaten to leak personally identifiable information to make the victim liable for GDPR fines but this now includes Intellectual Property and even sensitive internal communications that would cause embarrassment.

Increased attacks on backups

The other way to increase the chance of the victim paying the ransom is to remove their alternatives. If attackers can compromise backups – the victim has no other choice but to pay. We expect to see more ransomware targeting backups increase in 2022.

Fewer cyber insurance payouts

In the last year we’ve seen the insurance industry come to face the monster it has created. By favouring a quick pay-out of the ransom instead of a potentially greater Business Interruption claim. Those payments fed the vicious cycle until it became clear cyber insurance was no longer a viable market.  Insurers are now setting more stringent requirements in order to get cover and hopefully limit the number of claims they need to pay out on.

Ransomware gangs going into hiding

Attackers had become brazen, being quite open about their operations. Then, international diplomacy led by the US and enforcement really started to make a dent – notably taking down REvil.  In 2022 the gangs will be forced to keep a lower profile. The tipping point may have been the Colonial Pipeline attack which made gas shortages a problem for the White House. We expect attackers will shy away from targets like Critical National Infrastructure and focus on safer, commercial targets that won’t attract the attention of foreign governments.