Ransomware trends to watch in 2022 include double-extortion, supply chain attacks, ransomware-as-a-service, rebranding, and geopolitical incitement. Cybercriminals are targeting some industries more than others, the report explains supply chain attacks and double-extortion, and lists the most active ransomware groups operating today.
Ransomware attacks are increasing in most sectors in 2022
In nearly one in five ransomware attacks, manufacturing companies were targeted for the second year in a row. Other industries are also facing increasing attacks. The growth rate of attacks against healthcare companies was especially impressive, with double-extortion attacks increasing by more than 650 percent from 2021 to 2018. Ransomware attacks spiked over 450 percent in the restaurants and food services industry.
Many threat groups that disbanded and reformed under new names have reorganized since governments around the world started taking ransomware seriously. Among the rebrands, DarkSide changed to Black Matter, DoppelPaymer changed to Grief, and Rook to Pandora. Despite their changes in tactics, their threat remains the same. Rather than offer their tools for sale directly on the dark web, many are now offering ransomware-as-a-service, increasing their scale significantly.
A statement issued by the United States earlier this year warned of the possibility of malicious cyber activity against the country in response to economic sanctions against Russia. The statement called for public and private sector organizations to take immediate action to harden cyber defenses. Several other nations that support Ukraine have delivered similar warnings. Multiple attacks have been identified by ThreatLabz up to this point, including attacks on Ukraine with PartyTicket ransomware and HermeticWiper malware, as well as attacks against government entities with the Conti threat group. Geopolitical threats continue to be monitored by ThreatLabz.
As Desai notes, organizations must employ defense-in-depth strategies to minimize the risk that they will be breached and the damage that can be caused by a successful ransomware attack. These include reducing the attack surface, choosing zero trust architectures that provide least-privilege access control, and continuously monitoring and inspecting data across all environments.
Novum IT is here to help with professional security solutions like vulnerability management, identity and access management services, Endpoint protection, etc. Don’t hesitate and improve your cybersecurity right away if you live in Florida.