In 2021, we saw a steady rise in the number of ransomware attacks. It’s projected that global ransomware damage costs will reach $20 billion by the end of 2021. Nearly every week, you hear of a new high-profile catastrophic breach, but organizations of all sizes have been critically impacted by ransomware and cyber threats.
According to a 2021 ransomware report[1], the average cost of a data breach reached $4.24 million per incident, the highest it’s been in 17 years. The rise of ransomware attacks in 2021 was followed by the largest ransomware payout made by an insurance company, at $40 million, setting a world record[2].
Ransomware is an ever-evolving threat and will continue to be a grave concern in 2022. Bryce Webster-Jacobsen, Director of Intelligence Operations at GroupSense, shares his predictions on what could be coming in 2022.
Ransomware attacks will continue to increase as we shift into 2022.
We will see a growing number of attacks in 2022 for two reasons:
- More Transparency and Reporting: Organizations are coming forward after being attacked. In 2020, the FBI[3] received 20 percent more reports of ransomware. In prior years, ransomware attacks were hidden in the shadows, so it was difficult to know the exact data of the affected organizations. However, public perception of ransomware has changed and there are consequences for not being transparent and reporting an attack. The White House[4] issued an executive order in July that requires U.S. government contractors to report ransomware and other cyber incidents. And after the Colonial Pipeline attack, the Department of Homeland Security[5] issued new requirements for pipeline owners and operators to report cybersecurity incidents.
- Profitability: Ransomware will continue to increase for the simple reason that it is profitable. The ransomware ecosystem is a viable model for ransomware threat actors. Demands and payments have been steadily growing year-over-year.
In 2022, we will continue to see an evolution in the ransomware threat actor group landscape.
In 2021, we saw many ransomware groups splinter, fracture and rebrand. We expect this trend to continue. One of the biggest Ransomware-as-a-Service (RaaS) groups to disband in 2021 was BlackMatter. Reportedly they split up due to pressure from law enforcement officials[6].
This will continue in 2022 for a variety of reasons, such as increased law enforcement and/or too many high-profile attacks. Reinvention is a survival skill to many cyber criminals – it is not uncommon to see threat actors from one group morph into another group. In fact, we predict that the most prolific ransomware gang in 2022 doesn’t even exist yet.
Law enforcement will continue to make high-profile arrests and shut down ransomware infrastructure.
Government agencies have been cracking down on finding ransomware threat actors and bringing them to justice. Recently, the Department of Justice launched a 30-nation coalition targeting threat actors with aggressive tactics. Their goal is to disrupt ransomware threat actors who have previously operated in international safe havens.[7]
Sadly, this just scratches the surface. Organizations need to take ownership of their cybersecurity hygiene and implement incident response plans for the inevitable.
Cyber insurance premiums are going to skyrocket.
We predict there will be an increase in requirements and/or more prerequisites for getting cyber insurance coverage. Ransomware attacks have increased, and so have cyber insurance claims and losses. It is inevitable that the market will shift and insurance brokers will react. In the second quarter of 2021, the average premium for cyber insurance increased 25.5 percent[8]. In May, AXA France suspended cyber insurance reimbursements for its customers in France[9].
Even with increasing rates and premiums, organizations are turning their attention to obtaining cyber insurance policies to cover all their bases. No organization is immune to the current economic state of ransomware. Without insurance, a company must figure out how it will cover not just the ransom itself, but all the expenses related to recovery, investigations and incident response.[10]
Threat actors might avoid high-profile attacks and turn to small and medium-size businesses (SMBs).
Threat actors looking for a big payout might be enticed to attack a high-profile organization. However, attacking a high-profile organization can bring unwanted attention from the FBI and other government agencies. Staying under the radar can pay off in the long run. 46 percent of SMBs have been targeted by ransomware and 73 percent have paid the ransom[11]. SMBs might not have the same sophisticated cybersecurity policies and procedures a larger organization has in place – making them an easier target for threat actors. An attack on an SMB can also be devastating, and an SMB might be more willing to pay a ransom because the business impact could cripple the organization.
About Bryce Webster-Jacobsen
Bryce is the Director of Intelligence Operations at GroupSense, a leading provider in Digital Risk solutions. Bryce leads the day-to-day intelligence activities of GroupSense's Analyst and Research teams producing finished, tailored intelligence for our diverse clients.
Prior to GroupSense, Bryce worked in strategic international education initiatives while pursuing OSINT training and investigations, primarily focused on studying extremist movements, as a passion project.
Resources:
- [1] https://newsroom.ibm.com/2021-07-28-IBM-Report-Cost-of-a-Data-Breach-Hits-Record-High-During-Pandemic
- [2] https://www.businessinsider.com/cna-financial-hackers-40-million-ransom-cyberattack-2021-5
- [3] https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf
- [4] https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
- [5] https://www.dhs.gov/news/2021/05/27/dhs-announces-new-cybersecurity-requirements-critical-pipeline-owners-and-operators
- [6] https://www.techrepublic.com/article/blackmatter-ransomware-gang-allegedly-disbanding-due-to-pressure-from-authorities/
- [7] https://www.cybersecuritydive.com/news/companies-federal-law-enforcement-ransomware/610200/
- [8] https://www.ciab.com/download/31507/
- [9] https://abcnews.go.com/Technology/wireStory/insurer-axa-halts-ransomware-crime-reimbursement-france-77540351
- [10] https://www.scmagazine.com/feature/policy/as-the-cyber-insurance-bubble-begins-to-burst-the-market-scrambles-for-a-new-approach?hsCtaTracking=7494def5-6f33-471e-ae65-a21b69ef77ea%7C1896c6e4-28c0-4944-a9be-0dabf02e9e5d
- [11] https://www.helpnetsecurity.com/2020/04/21/paying-ransom/