
The State of Ransomware in 2022

Angela Stringfellow
December 22, 2021

Ransomware is a troubling form of malware. This malicious software is able to infiltrate a domain or network, encrypt data, and demand a ransom in exchange for a decryption key. 

Worse yet, some ransomware will also threaten to expose your data if you refuse to pay. As a result, you could lose valuable information, compromise user data and lose your hard-won reputation in the process. And even if you pay a ransom, there’s no guarantee that you’ll recover your data. 

Worse still, paying the ransom funds further ransomware attacks, leaving businesses unsure of where to turn. 

We saw crippling attacks against Acer, Honda, and the Colonial Pipeline in 2021, and it’s clear that in 2022 businesses have to take a more proactive approach to mitigate the damage. 

Attackers are now going after critical infrastructure in healthcare, food supply, and energy. This is why it’s important for all businesses to understand the implications of ransomware attacks as we dive headfirst into 2022.

Learn what you can expect from ransomware in 2022 as well as the best ways to defend yourself.

Ransomware by the Numbers

Overall, businesses can expect ransomware to be more prevalent, sophisticated, and expensive in 2022. 37% of organizations reported ransomware attacks in 2020, and since the costs of cybercrime are expected to increase 15% every year at least for the next five years, this equates to more disruptions and higher costs.

The following statistics provide further food for thought: 

  • 85% of ransomware attacks target Windows systems. 
  • In 2020, WannaCry was the most common ransomware on personal computers.
  • That same year, the United States had the highest number of ransomware attacks and accounted for 5.49% of all attacks globally. Moreover, mobile users in the U.S. were the most likely group to encounter ransomware on their mobile devices at 33%.
  • 96% of organizations that had their data encrypted managed to get their data back.
  • The average ransom costs $570,000, but the average bill to recover from a single ransomware attack is actually $1.85 million.
  • In 2020, ransom amounts increased by an astonishing 60%.
  • 55% of ransomware attacks hit businesses with fewer than 100 employees. 
  • Over 96% of ransomware attacks manage to infiltrate their target in under four hours. 

Ransomware attacks have been increasing every year since 2018. They peaked in 2021 at a 68.5% increase, but it’s likely that 2022 will be another record year for ransomware. 

Cyber threats change all the time, so it’s important to know what lies ahead. These 5 ransomware trends should play a big role in your business’s security plans for 2022.

1. Ransomware as a Service

Hackers aren’t working on their own anymore. Ransomware as a Service (RaaS) connects attackers with the code and resources to launch organized attacks. 

Since the RaaS platform provides everything an attacker needs, hackers don’t even need to read code or have development skills to launch an attack. This means there are more ransomware attackers out there than ever before. 

RaaS platforms make their money by requiring attackers to share a cut of their ransom. With thousands of attackers in one RaaS platform, this is a very profitable operation for organized crime. 

In fact, attackers have realized that the RaaS model is much more profitable than solo attacks. Instead of attacking a target in a single, isolated attack, RaaS has become a business model that orchestrates multi-faceted attacks against the same organization. 

RaaS also enables attackers to gather more intelligence about their victims. Instead of jumping in without a strategy, ransomware attackers research their potential victims. They look for:

  • Potential security gaps
  • Your insurance policies and what the maximum payout is for these policies
  • Laws and regulations you’re required to follow 

This way, they can demand an appropriate ransom that the victim is more likely to pay. After all, demanding a $50 million ransom from a small business wouldn’t make a lot of sense if you want them to actually pay the ransom.

RaaS groups also use Access as a Service (AaaS) to gain access to their victims’ infrastructure. They buy compromised credentials in bulk, which lets them buy access to an organization without any time-consuming phishing attempts.

Some RaaS groups have shut down or shifted their focus elsewhere, such as Avaddon, which sent a file containing decryption keys for 2,934 victims to Lawrence Abrams of Bleeping Computer. Others have been the targets of government takedowns. REvil, for example, was hacked and forced offline in late 2021 by the FBI, Cyber Command, and the Secret Service, in cooperation with other governments. 

The RaaS landscape is expected to shift in 2022, with an increase in ransomware actors and a shift in the power balance between affiliates and RaaS developers and administrators, but it’s not going anywhere. 

2. Double Extortion

In a typical ransomware attack, businesses can avoid paying the ransom if they have strong backups. Once hackers realized this, they had to come up with a new way to force businesses to pay the ransom. 

Double extortion is an incredibly effective tactic that ransomware hackers use to make money. With double extortion, the attacker not only encrypts your files, but they also threaten to leak your data to the public or sell it on the black market. This includes leaking important data like: 

  • Customers’ personal information
  • Private contracts
  • Blueprints
  • Insurance information
  • Employment history
  • Financial reports 

Thanks in part to double extortion, the average number of victims paying a ransom increased 3X from 2019 to 2020. Double extortion adds a new dynamic to ransomware that makes it a much more pressing—and expensive—issue. In 2022, we can expect even more ransomware attacks to include an element of extortion.

3. Orchestrated Attacks

Thanks to RaaS and AaaS, attackers aren’t going after businesses in one-off attacks. In most cases, ransomware attacks come from criminal syndicates with a company-like structure. 

In 2022, ransomware is going to target much more than a single device or machine. Its main target is going to be your network and infrastructure as a whole, which can bring even the largest organizations to a grinding halt. 

Ransomware attacks will largely be led by hackers in 2022, who will put in more time researching the best way to earn a ransom from their victims. If that means partnering up with other hackers and splitting the bounty, that’s what they’ll do.

4. Remote Work is a Risk

Experts predict that 53% of U.S. workers will work remotely at least some of the time in 2022. While remote work has come with tremendous benefits, it’s causing a lot of disruptions in business security.

For example, your employees might allow their kids to access their work computer to do homework. Or an employee could use an unsecured Wi-Fi connection at a coffee shop. 

When employees no longer work from a single secure location, it’s much more challenging for IT to protect your systems. With remote operations, you lose a lot of the anti-ransomware protection you enjoy with in-person work. 

This doesn’t mean that remote work shouldn’t be an option, but that leadership should take remote device security much more seriously in 2022.

5. Everyone is a Target

Did you know that ransomware doesn’t just go after big companies? Regardless of its size, if your business connects to the internet, you’re at risk of a ransomware attack in 2022.

This year, ransomware attackers are expanding their horizons and going after:

  • Cloud SaaS solutions: Ransomware isn’t only going after on-premise solutions anymore. Since more organizations are moving to the cloud, ransomware is trying to infiltrate it. For example, more ransomware threats are trying to convince users to install malicious (but legitimate-looking) SaaS applications as a way to infiltrate the cloud.
  • Healthcare providers: Healthcare companies were forced to digitize this year because of the pandemic. While healthcare organizations have fallen victim to ransomware attacks in the past, with new COVID-19 variants cropping up, ransomware is likely to focus heavily on the healthcare system in 2022. This might mean critical research, infection data, and vaccines could be in jeopardy, which would lead to a tremendous amount of disruption.
  • Supplier networks: Ransomware isn’t just going after your data; it’s going after everyone you work with, too. For example, ransomware went after Apple’s provider Quanta in 2021, exposing Apple blueprints in a double extortion attack. Instead of attacking just one company, ransomware is also going after everyone downstream of that company—and that includes both vendors and customers.
  • Personal users and influencers: Every single person on the internet is a potential ransomware victim. Attackers are now going after people’s personal accounts, both for additional ransom and in an attempt to access their work credentials. One particularly nefarious tactic is ransomware attacks against influencers. Attackers will infiltrate influencers’ accounts and do a ton of damage, especially to content creators with large audiences. 

Tips for Preventing Ransomware Attacks in 2022

Even though the government is cracking down on ransomware rings, ransomware isn’t going anywhere in 2022. Today, ransomware is stealing credentials, going after unprotected endpoints, and even turning off anti-virus software to infiltrate your company. 

Even if you pay a ransom, it doesn’t guarantee that you’ll recover your data, and it certainly doesn’t mean you won’t be a victim again. Follow these 5 ransomware security best practices to keep yourself protected in 2022.

1. Have Robust Backups in Place

Common-sense security measures are the best way to protect yourself from ransomware. While backups won’t prevent an attack, they do make it much easier for you to get back to business as usual after an attack. 

If you don’t already back up your data, meet with your IT team ASAP to create a robust backup system. You should look into both cloud-based and offline backups for a redundant system that helps you recover faster. 

Although you can’t undo the damage, 56% of businesses are able to recover their data, so don’t overlook the importance of regular backups. 

However, thanks to double extortion, backups don’t have the power they once did. Because ransomware is becoming more sophisticated, you can’t rely just on backups to save your business. Combine your backups with the other tips in this guide to minimize your risk. 

2. Implement Zero Trust

Trust is a valuable commodity in 2022, but you shouldn’t trust any new device on your network. With a zero-trust approach, you assume every attempt to join your network is a potential breach. It’s also a good idea to segment your network and require multi-factor authentication as part of zero trust. When you assume the worst, you’re better able to stay vigilant. 

3. Update and Maintain Your Infrastructure

Ransomware goes after known vulnerabilities in your software, workstations, servers, and more. Don’t let attackers gain access through an outdated piece of software: work with your IT team to keep every application up-to-date. A regular update, patching, and maintenance schedule might sound like a drag, but if it can save you hundreds of thousands of dollars, it’s worthwhile. 

4. Train Your Team on the Latest Threats

Humans are the weakest link in any network, and hackers know this. They use social engineering to worm their way into your network: in fact, 70 – 90% of all ransomware attacks happen because an attacker pretends to be someone they’re not.

You should always train new employees on security practices when they join your organization, but your existing team needs ongoing cybersecurity training, too. This means you need to: 

  • Conduct mandatory cybersecurity training at least once a year, if not more often
  • Update your team on new types of phishing attacks, especially via SMS, phone calls, and social media
  • Run internal phishing tests to keep your team on their toes

As long as humans run your business, you’re vulnerable to ransomware attacks. Now that hackers are crafting more sophisticated phishing attacks (and even gaining access from compromised credentials), it’s never been more important to train your team. 

5. Write a Ransomware Playbook

How you respond to a ransomware attack can save your organization public embarrassment, data loss, and a significant sum of money. But more often than not, organizations scramble to respond to a threat, wasting precious time while they panic. 

Don’t let a ransomware attack catch you off guard. Work with your team to craft a step-by-step playbook of how they should respond to a cyberattack, which should include:

This way, you’ll be able to act more quickly and with a level head. 

Get a Ransomware Parachute with Measured Insurance

Not to be alarmist, but ransomware is going to be a big deal in 2022. As we digitize more aspects of our lives and businesses, the Wild West that is the internet comes with equal amounts of convenience and danger. 

The good news is that you can protect yourself against the damages that come with ransomware attacks. In fact, 94% of businesses are reimbursed for their ransom payments through their insurance company. 

If your business needs an extra jolt of security, it’s time to think about cyber insurance. Take Measured Insurance’s risk assessment now to check your security posture.