Looking at the same report, 12 months later<\/a>, gives us a wider picture of what\u2019s been happening while we\u2019ve been gone:<\/p>\n\n\n\n The data tells us that although infiltration tactics are staying the same, attacks are on the increase so far in 2022. So, what changes have we seen in the ransomware scene that have contributed to the rising numbers of attacks in January?<\/p>\n\n\n\n \u2022 Paying the ransom<\/strong> is becoming more common as organizations find themselves debilitated after ransomware attacks. In 2021, despite the \u2018official\u2019 advice from governments that companies do not meet the demands of cybercriminals, many large and well-known organizations paid staggering ransoms: CNA Financial<\/a>, Colonial Pipeline<\/a>, and JBS foods<\/a>, to name a few. SophosLabs\u2019 own State of Ransomware Report<\/a> revealed that in 2021, the percentage of victims who paid up increased by 6%:<\/p>\n\n\n\n Image: SophosLabs\u2019 2021 State of Ransomware Report<\/a>.<\/em><\/p>\n\n\n\n \u2022 Failure of ransom payouts to actually work<\/strong>. SophosLabs\u2019 revealed that the average amount of data recovered after an attack and a ransom payout was 65%, with only 8% of the study\u2019s participants getting all of their data back:<\/p>\n\n\n\n Image: SophosLabs\u2019 2021 State of Ransomware Report<\/a>. <\/em><\/p>\n\n\n\n \u2022 Another change is the increased backlash from the public<\/strong> if a ransom is paid. It turns out the average Joe has become more judgmental over the past year. According to Forbes<\/a>, paying a ransom breeds distrust, and a general feeling from consumers that the organization in question is to blame for the undesirable situation.<\/p>\n\n\n\n \u2022 A new tactic has emerged in the form of the ‘double-ransom’, thanks to increasing data exfiltration tactics<\/a><\/strong>. Instead of just encrypting your data, actors are exfiltrating it, so that if you have the nerve to refuse to pay a ransom to obtain a decryption key, they can blackmail you again with the threat of publicizing your data.<\/p>\n\n\n\n \u2022 Another noticeable change is just how noticeable ransomware attacks are becoming to the everyday consumer (you and I) due to specifically targeted attacks causing supply-chain disruptions<\/a><\/strong>. Where ransomware attacks were once a far cry from our everyday lives \u2013 something that the big companies had to deal with, and we only read about in the news \u2013 they\u2019re now having far-reaching impacts that may affect our everyday lives. Take the Colonial Pipeline attack<\/a> in May 2021: gas stations throughout the US had to close up shop due to the shortage of fuel \u2013 a direct result of supply-chain \/ industrial process disruption from a tactical ransomware attack.<\/p>\n\n\n\n \u2022 While REvil has been a household name on the ransomware scene for the past few years, their future is in doubt coming into 2022. 14 members of the gang were arrested<\/a> in mid-January by Russia\u2019s domestic security agency \u2013 including the hacker who perpetrated the Colonial Pipeline attack mentioned above. However, aside from REvil, the other well-known gangs are still around and causing mayhem (DarkSide, Conti, BlackMatter).<\/p>\n\n\n\n \u2022 We know the tactics of infiltration have stayed the same over the past year (and beyond \u2013 when will people learn to monitor RDP ports sufficiently?), but there\u2019s been a continuing shift in how ransomware gangs themselves operate, and it\u2019s terrifying. The increasingly \u2018professional\u2019 and organized ransomware market<\/strong> is seeing the Ransomware-as-a-Service (RaaS) model<\/a> on the rise from 2021: less skilled cyber actors can simply purchase or subscribe to existing ransomware tools or services, and then use the product to enact attacks as they see fit. What was once able to be achieved by only the most talented hackers out there, is now available to any Tom, Jack or Harriet.<\/p>\n\n\n\n \u2022 \u2018Gentlemen\u2019s Game\u2019 is going out the window, with ransomware actors breaking unspoken rules<\/strong> left, right and center: there have been increasing attacks on the health sector, and, according to CISA<\/a>, a tending towards attack-launches during weekends and holiday periods; when attackers know they will likely be able to able to do more damage before being detected.<\/p>\n\n\n\n \u2022 Another change in operations not seen before is the relations between ransomware gangs and bad actors. CISA points out that gangs have been networking more and more<\/a><\/strong>: sharing information about their victims with each other, including network-access information.<\/p>\n\n\n\n In some industries, it\u2019s never advisable to try and predict the future. The stock market, the housing market, the weather, to name a few. Cybersecurity does not fall under that umbrella. Predict, predict, predict, and predict the absolute worst!<\/p>\n\n\n\n The ransomware market is expected to continue on the trajectory we\u2019ve seen at the end of 2021 and the beginning of 2022:<\/p>\n\n\n\n In terms of our response to cybercriminals in the year to come, ZDNet reports that a \u2018Paying to Prevent\u2019 tactic <\/a>may emerge, with organizations actually paying ransomware gangs<\/em> a regular fee to ensure they don\u2019t get targeted.<\/p>\n\n\n\n To combat the continuing meeting-of-demands by victim organizations, governments are likely to start cracking down on ransom payouts and begin to take more offensive action against gangs<\/a> (what we\u2019ve already started to see in Russia).<\/p>\n\n\n\n ZDNet also points out the potential impact on cyber insurance <\/a>in the future. With ransoms regularly being paid into the millions; how much longer will ransomware attacks be covered by insurers? If insurance companies do continue to offer cover, premiums could reach new highs, and organizations seeking cover will likely have to jump through hoops to meet the eligibility criteria.<\/p>\n\n\n\n For starters: DON\u2019T<\/strong> start paying ransomware gangs to keep their mitts off you (talk about counterproductive!).<\/p>\n\n\n\n DO<\/strong> start implementing a zero-trust strategy. In fact, don\u2019t just implement it: embrace it. Welcome it with open arms. Because we can make predictions until we\u2019re blue in the face, but the one thing we know for certain is that if you haven\u2019t implemented zero-trust, you\u2019re at much greater risk of becoming victim to a ransomware attack.<\/p>\n\n\n\n Admin By Request\u00a0<\/a>is a cybersecurity solution which enforces zero-trust through the Principle-of-Least Privilege (POLP). It minimizes your organization\u2019s attack window by instantly revoking all administrative access, and instead provides an application for Just-In-Time elevation, on an as-needed basis:<\/p>\n\n\n\n Once ransomware actors infiltrate the system, they often rely on privilege escalation to succeed. With Admin By Request, infiltration in the first place is close to impossible, as all file downloads are scanned by multiple anti-malware engines. Attempts at privilege escalation are rendered fruitless as users simply don’t have the required admin rights. Hackers would have to vertically escalate to a more privileged status to make any ground whatsoever – an activity that would be detected immediately by the software solution if attempted.<\/p>\n\n\n\n It doesn\u2019t have to be all doom, gloom, and warnings.<\/p>\n\n\n\n If anything, this blog is intended to be more of a friendly update \u2013 a check-in on the ransomware scene so that we can better predict where it\u2019s headed in 2022.<\/p>\n\n\n\n Do yourself a favor and stay updated with what\u2019s going on. Take the pre-emptive steps to get adequate protection, implement zero-trust with\u00a0Admin By Request<\/a>, and make sure you\u2019re always one step ahead of ransomware gangs and their tactics this coming year.<\/p>\n\n\n\n I guarantee, this time next March \u2013 you\u2019ll be grateful you did.<\/p>\n\n\n\n\n
![\"\"\/](\"https:\/\/dedicatedserverabr.kinsta.cloud\/Images\/Blogs\/Picture1(1).png\")
<\/figure>\n\n\n\n\n
![\"\"\/](\"https:\/\/dedicatedserverabr.kinsta.cloud\/Images\/Blogs\/Picture2.png\")
<\/figure>\n\n\n\n\n
![\"\"\/](\"https:\/\/dedicatedserverabr.kinsta.cloud\/Images\/Blogs\/Picture3.png\")
<\/figure>\n\n\n\nChanges on the Scene<\/h2>\n\n\n\n
The \u2018What\u2019:<\/h3>\n\n\n\n
![\"\"\/](\"https:\/\/dedicatedserverabr.kinsta.cloud\/Images\/Blogs\/Picture4.png\")
<\/figure>\n\n\n\n![\"\"\/](\"https:\/\/dedicatedserverabr.kinsta.cloud\/Images\/Blogs\/Picture5.png\")
<\/figure>\n\n\n\nThe \u2018Who\u2019:<\/h3>\n\n\n\n
The \u2018How\u2019:<\/h3>\n\n\n\n
Predictions for the Future<\/h2>\n\n\n\n
\n
What to Do<\/h2>\n\n\n\n
\n
Conclusion<\/h2>\n\n\n\n