Ransomware is now the fastest-growing cybercrime and the most contagious “data disease” known to man.
At the same time, facts show that, after several years of attack and defense evolution, ransomware attacks have not decreased, but have increased, and attack events have emerged one after the other. It is predicted that ransomware attacks will increase significantly in 2022, with an unprecedented number of attackers.
Today’s ransomware attacks are more dangerous and widespread than ever before, thanks to the increasing profitability of ransomware attacks. In 2022, ransomware will present three new trends that must be closely monitored.
The prevalence of ransomware is increasing, and ransomware has emerged as the most serious security threat.
The return of high profits has encouraged more criminals to enter the extortion business. Most blackmail gangs use a dual blackmail strategy in many ransomware attacks, which means that the attacker will steal a large amount of sensitive business information, then encrypt the victim’s data, and threaten the victim to disclose the data if he does not pay ransom. Threatening victims to pay huge ransom through goodwill damage caused by data leakage and legal accountability, which has put great pressure on enterprises.
At the same time, the rise of the RaaS business model makes it simple for practitioners to launch network extortion activities without any professional or technical knowledge, which also leads to the trend of low cost and low threshold of ransomware, increasing the intensity of extortion attacks.
With the specialization of cyber criminals and the improved utilization of the supply chain, the number of ransomware will skyrocket in 2022, and the number of attackers will reach an all-time high. At the same time, ransomware attacks will rapidly spread across the entire attack surface. Ransomware threats will proliferate and become the most serious security threat confronting most businesses today.
Ransomware attacks on the medical industry have become more common.
According to the FBI’s security notice, at least 16 conti ransomware attacks against medical and emergency response institutions in the United States have been discovered in the last year. The ransomware has infected over 400 medical and emergency response facilities worldwide.
According to the enisa threat landscape report, more than 66 percent of medical organizations were victims of ransomware attacks in 2019, and 45 percent were forced to pay ransom, but half of medical organizations still lost data after paying ransom.
Ransomware attacks on the medical industry will continue to escalate in 2022. Precision attacks, novel encryption techniques, and large-scale commercial operations will continue to wreak havoc on medical institutions around the world.
In this situation, medical institutions’ IT teams will face unprecedented challenges.
Data leakage caused by ransomware is larger and more expensive.
The value of data is becoming more prominent as the digital process accelerates. A data leak can have an impact on hundreds of millions, if not billions, of people. At the same time, as cloud computing becomes more popular, ransomware will increasingly target cloud storage to maximize its influence and leverage in order to increase profits and expand the scale and risk of enterprise data leakage. According to cybersecurity ventures’ research, the global ransomware loss cost is expected to reach $20 billion in 2021.
Data leakage will continue to increase in 2022, and the scale will be larger. Governments and businesses in various countries will pay more for recovery, including not only the cost of event response, data backup, and system upgrade, but also implicit costs such as reputation loss and legal risk cost caused by quantity leakage, and the loss may be several times or dozens of times greater than the explicit loss.
Although traditional backup and disaster recovery systems can well realize data backup and disaster recovery, it is impossible to judge the availability and security of disaster recovery data in the event of a ransomware attack, such as whether the backup data is infected? What information must be recovered? What is the time limit for backup recovery? How much time will it take to recover? Will it be attacked again and again? Is the information available in real time? Is the data completely saved? Only corrupted data can be recovered.
If the disaster recovery system has been attacked by ransomware and there are a large number of damaged files, completing the backup / disaster recovery task blindly and recovering “bad data” will exacerbate the scope of infection, resulting in the recovered system failing to function normally. Even when backups are available, some businesses are still forced to pay the ransom. Traditional disaster recovery systems, on the other hand, take days or even weeks to recover, making it impossible to meet the emergency response needs of rapid recovery while minimizing the loss of business interruption. As a result, the disaster recovery solution must be carefully chosen.
With the increasing sophistication of ransomware attacks and the maturation of technical means, escaping ransom “kidnapping” and preventing data leakage has become a must-answer for all industries.