Ransomware attacks jumped significantly in 2021, and that trend looks like its set to continue into the next year. The frequency and cost of ransomware attacks keeps rising, with attacks growing more targeted and more devastating.
It doesn’t look like things are going to get any better going into 2022, so you’d better buckle up.
Ransomware Operators Getting Increasingly Organized
In 2021, we saw an unprecedented level of organization among ransomware threat actors, with the formation of a nascent venture capital ecosystem, aggressive advertising campaigns touting ransomware features, employee recruitment, complete with resumes, and even competitions with prizes for developing the best ransomware software.
Cryptocurrency is enabling the formation of larger and larger groups and more cooperation between different players in the ransomware space. Escrow services, invoices, and binding contracts can all be arranged without those using them needing to know each other’s identity, so this allows criminals a level of legal protection in their dealings with each other which has never been seen before.
Protection Money
A new and frightening development is the possibility of ransomware gangs collecting “protection money” from potential victims. The most powerful ransomware gangs could eventually form a syndicate which demands monthly payments in exchange for not attacking organizations.
Gangs could even claim “turf” and go to war with each other for infringing on each other’s turf, much as happens with gangs in the real world.
Cyber insurance Premiums Rising
With the upsurge in ransomware, more and more companies are turning to cyber insurance that covers paying the ransom in the event of an attack. The effectiveness of ransomware threat actors means that insurance companies are paying out huge amounts. To cover these losses, they are increasing their premiums.
In Q1 of 2021 alone, cyber insurance premiums increased by approximately 25%. These increases are poised to continue into 2022, meaning that the costs of the ransomware crisis will be distributed through the economy.
Major Vulnerabilities Appearing
The Log4Shell vulnerability was first discovered on December 9th, and it is not confirmed to have cause ransomware cases. The Conti ransomware gang was the first major ransomware group documented exploiting the vulnerability in the wild, and more are sure to follow.
Log4Shell is especially worrying because it is so ubiquitous. Almost every system in the world, whether PC or enterprise network, uses Log4J. As soon as the vulnerability went public, hackers began scanning the entire internet for systems running software with the vulnerability.
A number of commentators have described this as one of the biggest, baddest design flaws ever. Some have even described the implication as “apocalyptic.” It’s expected that Log4Shell will be haunting us for years to come because of how widespread it is.
Greg Linares, a cybersecurity researcher, set up a “honeypot” network, which is deliberately designed to look vulnerable. On December 15th, he reported approximately 3,400 attempts per minute to use the exploit. The majority of the payloads were information stealers, followed by crypto mining malware, and last but not least, ransomware.
The Great Resignation
There has been much talk about “the great resignation.” Now that work is increasingly remote, employees have more employment options than ever before. This means it has become very easy to change jobs.
Shortages in employees means more workload on those who remain. It can also mean new employees entering positions without detailed knowledge of security protocols.
A large percentage of ransomware attacks rely on phishing tactics, and new employees tend to be much more vulnerable to phishing. The longer someone works at a job, the better able they are to detect unusual activity.
Escalating Geopolitical Tensions
Russia is poised to invade Ukraine, and China is getting more belligerent in the South China Sea. It’s well understood by now that many ransomware attacks originate from these regions, partly due to governments providing the safe havens.
If geopolitical tensions keep escalating, it’s possible that countries will start to develop more state-sponsored hacking groups, as well as promoting the development of more independent groups.
How to Prepare
As unpleasant as it may be, more time and resources will simply have to go toward cybersecurity. Keeping up to date with the best and latest antivirus software and implementing active network monitoring are no longer optional. It’s also important to keep up to date with the human factor; period phishing training is a must.
We have to start looking at ransomware as a collective struggle. Ransomware is leading to increased expenses for producers, making prices higher for consumers. This is affecting ordinary people around the world, so it’s our responsibility to do whatever we can counter the crisis.