In 2021, we saw a steady rise in the number of ransomware attacks. It’s projected that global ransomware damage costs will reach $20 billion by the end of 2021. Nearly every week, you hear of a new high-profile catastrophic breach, but organizations of all sizes have been critically impacted by ransomware and cyber threats.
According to a 2021 ransomware report[1], the average cost of a data breach reached $4.24 million per incident, the highest it’s been in 17 years. The rise of ransomware attacks in 2021 was followed by the largest ransomware payout made by an insurance company, at $40 million, setting a world record[2].
Ransomware is an ever-evolving threat and will continue to be a grave concern in 2022. Bryce Webster-Jacobsen, Director of Intelligence Operations at GroupSense, shares his predictions on what could be coming in 2022.
We will see a growing number of attacks in 2022 for two reasons:
In 2021, we saw many ransomware groups splinter, fracture and rebrand. We expect this trend to continue. One of the biggest Ransomware-as-a-Service (RaaS) groups to disband in 2021 was BlackMatter. Reportedly they split up due to pressure from law enforcement officials[6].
This will continue in 2022 for a variety of reasons, such as increased law enforcement pressure and/or too many high-profile attacks. Reinvention is a survival skill for many cyber criminals – it is not uncommon to see threat actors from one group morph into another group. In fact, we predict that the most prolific ransomware gang in 2022 doesn’t even exist yet.
Government agencies have been cracking down on ransomware threat actors and working to bring them to justice. Recently, the Department of Justice launched a 30-nation coalition targeting threat actors with aggressive tactics. Their goal is to disrupt ransomware threat actors who have previously operated in international safe havens.[7]
Sadly, this just scratches the surface. Organizations need to take ownership of their cybersecurity hygiene and implement incident response plans for the inevitable.
We predict there will be an increase in requirements and/or more prerequisites for getting cyber insurance coverage. Ransomware attacks have increased, and so have cyber insurance claims and losses. It is inevitable that the market will shift and insurance brokers will react. In the second quarter of 2021, the average premium for cyber insurance increased 25.5 percent[8]. In May, AXA France suspended cyber insurance reimbursements for its customers in France[9].
Even with increasing rates and premiums, organizations are turning their attention to obtaining cyber insurance policies to cover all their bases. No organization is immune to the current economic state of ransomware. Without insurance, a company must figure out how to cover not just the ransom itself, but also all the expenses related to recovery, investigations and incident response.[10]
Threat actors looking for a big payout might be enticed to attack a high-profile organization. However, attacking a high-profile organization can bring unwanted attention from the FBI and other government agencies. Staying under the radar can pay off in the long run. 46 percent of SMBs have been targeted by ransomware and 73 percent have paid the ransom[11]. SMBs might not have the same sophisticated cybersecurity policies and procedures a larger organization has in place – making them an easier target for threat actors. An attack on an SMB can also be devastating, and an SMB might be more willing to pay a ransom because the business impact could cripple the organization.
Bryce is the Director of Intelligence Operations at GroupSense, a leading provider in Digital Risk solutions. Bryce leads the day-to-day intelligence activities of GroupSense's Analyst and Research teams producing finished, tailored intelligence for our diverse clients.
Prior to GroupSense, Bryce worked in strategic international education initiatives while pursuing OSINT training and investigations, primarily focused on studying extremist movements, as a passion project.