Ransomware Threats To Watch For In 2022
Ransomware is a constantly growing threat that organizations, businesses, and even individuals face daily. Attacks have been growing not only in frequency but also in severity and cost, with the average ransom demand increasing by more than $10,000 since 2019.
With mobile devices proliferating and social engineering becoming more convincing than ever, the activity of ransomware attackers still hasn’t seen its zenith. Here’s a rundown on what to expect from the ransomware ecosystem in the coming year.
What Is Ransomware?
In the simplest terms, ransomware is one type of malicious software that prevents an individual or organization from accessing critical systems or information. The details, particulars, and methods of each ransomware attack are often unique to the specific attack and can vary greatly.
In most cases, the ransomware program is introduced to the system through human error. Once installed in the target computer, the program often uses complex penetration tools to allow the attackers unlimited access to the systems and networks the computer is connected to. At the same time, it will lock out all other authorized users, often encrypting all data that can be used to leverage a larger ransom.
Once the systems are no longer under the control of their owners, in some cases, the attackers will contact the individual or company to begin negotiating a ransom. In other cases, there is no contact, and the program simply makes the demand of the ransom and provides an address for a preferred cryptocurrency to be sent to. When the ransom is paid, the attackers provide an unlocker or decrypter and allow the victims to begin picking up the pieces.
Who are the Victims of Ransomware Attacks?
Anyone can be targeted, from giant corporations to individuals, but the most frequently attempted or significantly affected targets are the following:
- Healthcare: Healthcare is one of the most commonly attacked ransomware targets, with ransomware being responsible for half of all data breaches in the healthcare field. Despite this, most healthcare organizations only devote about 6% of their budget to bolstering digital security.
- Education: Education is one of the fastest-growing target industries, with attacks doubling in 2020 over the prior year. Each breach costs an average of nearly $450,000 when it occurs in a college or university.
Earlier this year, Centennial School District in Multnomah County, Oregon was compromised by ransomware. Edge Networks’ Founder and CEO went on air with KATU News to share his thoughts.
- Government: Last year, one-third of all attacks on computers or information systems belonging to government bodies occurred because of ransomware. Since 2013, 48 states have been the victim of a ransomware attack at least once.
- Finance/Insurance: More than 60% of data from breaches that occurred in 2019 were from some type of financial institution, with more than 200,000 people reporting they’ve experienced an attempted unauthorized login with their bank.
Ransomware Threats Are On The Rise. Here are the trends we’re noticing.
The threat of ransomware is growing every day, and with the ability to infect nearly any system it encounters, that threat isn’t going to go away any time soon. Here are some of the primary reasons that ransomware threats have grown as much as they have over the past year.
Growing Mobile Vulnerabilities
Mobile platforms are becoming the most frequently infected type of device, which gives ransomware attackers an advantage. Mobile devices are often targeted because attackers can send links easily and many people tend to trust the communications they get on their personal devices, particularly through channels like SMS or even Facebook Messenger.
Social Engineering Is Surging
One of the reasons ransomware attacks are gaining momentum is the incredibly clever individuals and organizations that are executing them. The vast majority of ransomware is installed by someone clicking on a bogus link in a phishing email that is made to look like it came from a trusted source.
An even more diabolical method is sending out SMS messages with a phishing link in them. People assume it’s from a trusted source and click the link, often dooming their mobile device to become a victim and carrier of the ransomware, or worse.
The Cyber “Cold War” Is Gaining Momentum
With a resurgence in the digital cold war between the US, China, Russia, and others, there is potential for ransomware threats to become not only more common but more severe. The implications inevitably lead to ransomware threats escalating and infecting more critical systems, making it a more serious national security issue.
More Sophisticated Penetration Tools Are Being Used
With far more advanced penetration tools being leveraged in conjunction with the ransomware attacks, the organizers of the attacks can be much more effective in their extortion. They are not only able to steal confidential information and files but also give themselves potential backdoors for future attacks.
Ransomware Attacks Can Be Outsourced
Many ransomware groups are operating as outsourced extortionists, hiring out their talents and software for a cut of the payday. This has led to a “ransomware-as-a-service” boom, with examples like WannaCry, REvil, and Ryuk, which is thought to have extorted hundreds of millions of dollars over the past year.
Recent Ransomware Attacks
With the rates of ransomware attacks increasing to over 4,000 per day in the US, it is surprising that more attacks aren’t in the news. On the other hand, many companies that find themselves on the receiving end of a ransom demand may not publicize it unless required, to prevent any potential reduction in the public’s confidence in the organization.
Still, many ransomware attacks are newsworthy or publicized in other ways. Many of these attacks are carried out against incredibly large and powerful companies, some of which you may have heard about. Some of the attacks from this past year include computer and automotive giants, financial institutions, and even
Colonial Pipeline Company
The ransomware attack on the Colonial Pipeline Company was arguably the biggest ransomware news item of the year. Back in May, one of the major operators of the American oil pipeline was infected with ransomware in some of its management systems. This resulted in the complete shutdown of the pipeline operations to prevent further infection, which disrupted the oil supply to the East Coast for several days.
The FBI assisted Colonial Pipeline Company in paying more than $4 million USD worth of bitcoin to the attackers. In a rare outcome, the FBI recovered the private key for the bitcoin wallet containing part of the payment, seizing the funds.
Brenntag
In May of this year, the chemical distribution company Brenntag was targeted by one of the major ransomware attackers, DarkSide, and extorted for millions to prevent the use of about 150GB of data obtained in a breach.
The company was initially held hostage for more than $7 million, to be paid in bitcoin. After the attackers proved they held the data by posting crucial images, the ransom was negotiated, and Brenntag ultimately paid approximately $4.4 million for the security of the data.
CNA Financial
This financial and insurance giant based in Chicago was attacked in the first half of the year. This attack led to the compromise of personal and medical data for about 75,000 people. The data included personal health information, social security numbers, and more. The leak affected former and current employees, even contract employees and their families.
The company agreed to a $40 million payment in exchange for access to its systems. The systems were encrypted during the attack with a program linked to the Russian cybercrime organization Evil Corp.
Kia Motors
In one of the first big ransomware attacks of 2021 to make the news, Kia Motors, the popular division of Hyundai, was attacked by the ransomware group DoppelPaymer. The company subsequently faced demands of $20 million to secure the stolen data and an unlocker to decrypt the rest of its systems.
The attack was initially referred to as an IT outage by Kia, as it significantly affected the Kia Owner’s Portal, their payment and phone systems, app functionality, and even portions of their corporate intranet.
Acer
The computer giant based in Taiwan was targeted by one of the major ransomware groups, REvil, and faced a $50 million ransom demand. The group was able to access the systems initially through a vulnerability in the company’s Microsoft Exchange server.
To prove they held sole access, they posted images of confidential stolen files. In this case, the group had gained access to financial documents and spreadsheets, communications between the company and their bank, and even bank account information.
The Impact Of COVID-19 On Ransomware Threats
During the global pandemic, the occurrence of ransomware threats has skyrocketed. One of the primary reasons is the great migration of many industries to a model largely based around remote workers. Even though the lockdowns and quarantines have largely ended, many businesses keep a significant portion of their workforce out of the office.
The increased prevalence of remote workers is one of the largest challenges for IT teams to adapt to. Many companies feel that a VPN will protect them, when in fact, ransomware that infects a computer attached to a VPN then has access to the entirety of the private network. For this reason, many companies that are retaining a largely remote workforce are moving to zero trust network models.
How To Avoid Becoming a Victim Of Ransomware
The threat of ransomware increases daily, and while many of these threats can be mitigated or reduced to some extent, it is nearly impossible to eliminate them. This means that one of the most powerful weapons against ransomware, on an ongoing basis, is being educated and informed on current threats and proper precautions.
This is particularly true for remote workers since they will be targeted at an increasing rate due to the ease of infecting personal equipment connected to secure networks.
Here are some tips for staying safe in the coming year:
- Never click on unsafe links or any links not obtained directly from a trusted source.
- Do not disclose any personal information over the phone, through email, or in a text. If you are being targeted, the attackers will try to gather as much information as possible so that the attack has the highest chance of success.
- Never open email attachments from unknown sources. This may seem obvious, but the user can sometimes be fooled that the original email is from a trusted source, leading them to open an attachment they otherwise would not open.
- Don’t use USB sticks that come from untrusted sources. If you’re using it on a work computer, be sure you obtained the drive directly from the IT department.
- Use current technology, as older devices can contain more vulnerabilities and have more outdated security features.
- Keep your software and OS up to date. Outdated hardware can put you at risk of attack, and outdated software is even worse.
- Only download from secure sites. A good way to ensure you are on a secured connection is to verify that the website’s address begins with HTTPS, not simply HTTP. Many browsers also feature a lock or shield icon to indicate a secure site.
- VPNs only help so much, so don’t count solely on using one to keep you or your organization safe from ransomware. In the next few years, the primary networking method will be zero trust networks, which can be secured to a higher degree.
Ransomware Threats In 2022
Even though ransomware threats and attacks are bound to become more prevalent and more serious in 2022, that doesn’t mean you or your organization have to be victims. By making sure that you are informed of the primary threats, how they take hold, and how to avoid them best, you can minimize your chances of having your system held hostage for ludicrous sums of money.