Ransomware will likely continue to evolve and increase in complexity through 2022 and beyond. It has played a huge role in the increase of cybercrime that has occurred since the COVID-19 pandemic began in March of 2020.
As companies and organizations still struggle to remain productive amidst stay-at-home regulations and newly remote workforces, new cybersecurity weaknesses are continually introduced and previous gaps continue to widen.
As the pandemic’s chaos challenges traditional business operations even more than a year into it, opportunistic ransomware gangs leap at any chance to exploit weaknesses, whether in overworked IT staff or in unpatched software bugs.
As 2021 comes to a close, cybercrime shows no sign of slowing down. In the coming year, what might we expect to see?
Government responses to ransomware will increase
The exponential increase in both the effectiveness and prevalence of 2021 ransomware attacks, often carried out by threat actors located overseas, has had a profound effect on businesses large and small the world over. In response, government regulators and authorities have presented new laws, offices and departments tasked solely with cyberattack reporting, investigation and mitigation.
An international alliance between the U.S., NATO members, the European Union, the U.K., Japan, Australia and New Zealand was formed in order to provide a unified front against ransomware gangs and cyberattackers, primarily those originating in China.
Pressure from international authorities in 2021 has had an effect on some of the most noteworthy ransomware gangs. A few have almost completely disappeared from the spotlight, realizing that announcing their presence and intentions publicly is no longer as safe as it was as recently as last year. Others have undergone rebranding processes, or fractured into smaller groups intent on keeping a lower profile.
As 2022 unfolds, we can expect to see further development and sophistication of government protocols when it comes to ransomware attacks. However, many of these ideas may not come to fruition, either due to them being foundationally flawed in the way they seek to mitigate cybercrime or being unable to generate the votes required to pass into law.
Even after passing into law, policies will still require administrative fortitude and quick application to be effective against criminals that do not need to wait for congressional approval to change tactics.
The future of ransomware as a service (RaaS) is uncertain
Most of the largest and most infamous gangs offer ransomware as a service (RaaS), meaning that they involve a third party in the attack and are given a portion of any ransom paid by victims. However, experts are split on whether this trend will remain popular for the duration of 2022.
While RaaS allows ransomware gangs a degree of separation from the actual crime itself, as well as additional coverage in tracing the source of the attack, some gangs are moving operations in-house to avoid the complications that naturally occur when a third party is in the mix.
Most experts expect the RaaS model to exist well into the new year. However, as authorities become more savvy, third-party operators may prove to be weak links that open ransomware gangs up to retaliation or prosecution. Knowing this, some gangs are opting to take full control of their ransomware attacks by employing individuals dedicated to carrying out the attacks cleanly and efficiently, effectively becoming all-in-one ransomware executors.
Ransomware gangs will begin to resemble legitimate companies
Now that the effects of ransomware are well known, the mere threat of an attack may be enough to persuade companies to pay up before ever experiencing a theft or shutdown.
Future cybercrime tactics may have more in common with those used by organized crime syndicates than one-off bank robbers. Some researchers feel that especially sophisticated ransomware groups may develop subscription services in which organizations are to pay a regular fee or face an attack. This mafia-style strategy offers a degree of protection, but at the risk of continually doing business with an unscrupulous entity.
As ransomware groups continue to advance their methods and look more and more like legitimate business organizations, we can also expect them to begin to experience some of the troubles inherent to large corporations including espionage, poor maintenance and flawed employee management. Ransomware gangs, if they continue on their track to more professional structures, will likely even require their own cybersecurity teams to keep competitors, government regulators and saboteurs at bay.
The tightening of cyber insurance with regard to ransomware
While criminals become better at what they do and payouts rise in value to the millions of dollars, companies providing cyber insurance against ransomware attacks will likely reconsider their business models and enforce new rules that need to be carefully followed to receive a payment from a claim. We can expect insurance to become more expensive and less likely to cover those that buy it as policies become increasingly strict.
While quantum computing is still a ways off, experts rightly fear that this tremendous increase in computing power could be leveraged by criminals in order to greatly compromise today’s standard encryption practices, which are no match for the capabilities of tomorrow’s tech. In some cases, criminals may steal data or cryptocurrency as an investment, hiding it away for a later date when eventual access to quantum computing will allow them to access it.
Continued leveraging of vulnerabilities both old and new
Being opportunistic, many ransomware actors will continue to prey upon vulnerabilities both old and new. The recent discovery of the Log4j vulnerability will no doubt provide ample fodder for ransomware in 2022, as attacks targeting victims who have not patched their systems or did not act quickly enough to do so before criminals set the stage against them will continue to roll out. We can expect ransomware operatives to continue to build methodologies that weaponize and streamline the exploitation of Log4j.
Although Log4j is high profile and dominating headlines, many organizations will remain vulnerable to it well into the next year, either due to a lapse in attention to the importance of updating their security or due to the complexity of supply chains that involve many companies with little transparency regarding their network security. In the latter scenario, criminals may be able to move laterally between networks, as witnessed in this year’s hack of Kaseya.
In spite of the publicity that Log4j is receiving in the cybersecurity world, awareness has its limitations. It is important to note that this year’s Microsoft Exchange exploit received similar coverage earlier in 2021 and is still being used effectively by criminals to steal data and exploit those who have yet to close the loophole via updates.
Attacks on the supply chain and the cloud will increase
Attacks on organizations via their supply chain are not new, but they have matured and become more streamlined over the last year. We can expect these attacks to continue well into 2022, as our interconnected world will continue to provide means by which criminals are able to access data that they are not authorized to access.
Additionally, as businesses continue to migrate to the cloud, so too will criminals. Experts expect ransomware attacks that focus heavily on cloud service providers to increase in 2022 due to their integral role in containing large amounts of critical information.