If we look at the past year the “golden era” for operators as it is called, Ransomware is now the primary threat for businesses. And as we start the New Year, cybersecurity experts believe this criminal enterprise will reach new heights in 2022.

Threat groups DarkSideREvil, and BlackMatter all had a hand in the high-profile downfall in 2021 of businesses such as KronosColonial PipelineJBSKaseya.

The “perfect” prospect for ransomware victim in the US, according to Kela’s analysis of dark web forum activity will have:

  • minimum annual revenue of $100 million
  • preferred access purchases include domain admin rights
  • entry into Remote Desktop Protocol (RDP) services
  • entry into Virtual Private Network (VPN) services

Over the past number of years, we have seen a shift in operations and how they collaborate. For instance, ransomware operators have gone from disorganized splinter groups and individuals to highly sophisticated operations. In other words, separate teams collaborate to target everything from big business, SMBs to software supply chains. No one can escape from being on their radar.

Certainly, even their end goal has changed, with ransomware infection no longer important in a cyberattack. Rather the aim of malware families in this arena, groups like WannaCry, NotPetya, Ryuk, Cerber, and Cryptolocker want to blackmail payment from a victim organization. In other words, one component of an attack is designed to elicit a blackmail payment.

Current ransomware tactics are called “double-extortion” by Cisco Secure because there is a double extortion. Firstly, in one facet of the attack, victims will have their systems encrypted a note is sent demanding a ransom payment usually in Bitcoin. In the second facet of the attack, and in a bid to add pressure, they may have stolen corporate data before decryption and make threats to publish or sell the information. Of course, that’s unless a payment is agreed upon and made.  

The golden era of ransomware,”  as it’s known saw a 150% rise in ransomware attacks according to the European Union Agency for Cybersecurity (ENISA). These attacks were carried out between April 2020 and July 2021 during the COVID pandemic and in part due to the many monetization options, says the ENISA.

In the “big fish” hunting this is particularly notable as ransomware operators go after the larger more profitable companies that they can extract more money out of.

So, what can we expect from ransomware operators in 2022, if we keep this in mind?


Within the ransomware business is a service call Ransomware-as-a-Service (RaaS). That is to say, operators lease out a subscription either month to month or take a cut of cut of any successful extortion payments to other operators for their malware creations.

Many security experts believe RaaS will continue to rise in the future, as it is difficult to track down and prosecute operators.

Senior product marketing manager at HPE company Zerto, Andy Fernandez warns, “we’re going to see a continued increase in the severity and volume of ransomware attacks.” As a result, he says “we will see a growth in the ransomware-as-a-service market, which is able to propagate new versions and new methods in a much faster way than before. Whether you are a small business or large enterprise, at some point, you will be targeted by a ransomware attack that will try to get into your system and encrypt your critical data.”


Once an organisation has successfully been compromised there is an emerging trend that multiple attacks are leveraged against them, according to findings documented by CrowdStrike. Firstly, according to CTO Mike Sentonas data exfiltration and extortion go hand-in-hand. Secondly, in addition to threatening to go public with sensitive data, “some criminals have been known to sell files to each other or even to a competitor in a foreign market.”

As a result, and this is the important detail to know, Sentonas says, that “if a company pays one criminal gang” …the ransom demand…another gang could rear their ugly head and “demand exactly the same thing.”

In addition, others like Picus Security, warn of more extortion methods that could become commonplace. For example, the launch of Distributed Denial-of-Service (DDoS) attacks or the harassment of, or threats to customers and their family members.


A further extortion method that could be used this year is the introduction of companies paying operators to stay away and not attack them. A bit like the mafia model, “where you pay the criminal gangs to not target you.” Joseph Carson, Chief Security Scientist at ThycoticCentrify believes this could definitely be the case, “while RaaS is already in full swing.” This is on top of the other many ways ransomware can cost your business.


Perhaps permanently changing the face of working life is the COVID-19 pandemic. Firstly, many were forced to work from home. And still perhaps have chosen to stay at home or have a more office/home balance. Moreover, others have decided to abandon their positions in search of a different opportunity.

And 2022 is now officially the year known as “The Great resignation”, as the shift around of staff has cybersecurity ramifications. Experts are predicting a “direct correlation between staff turnover and cyber incidents.”

This can occur while new staff are being trained and unfamiliar with the protocols in place when it comes to an organisation’s security.

Business systems vary from organisation to organisation they have different processes, partners and software which may increase the risk of being compromised. Because ransomware is one of the biggest threats businesses must face.

 Thales’ Global VP of Engineering and Cloud Operations Ashvin Kamaraju also suggests that businesses may have fatigued or disgruntled workers. And even if staff are not meaning to be malicious, they may not be following employee guidelines when it comes to security, they are being lax.  the cost to replace an employee this year will go far beyond recruiting and training. Organisations need to “double down on training and onboarding”


John McClurg, the CISO at Blackberry foretells that how ransomware is used in 2022 and beyond may depend on the emergence of new technologies.

For instance, Quantum computing, could be once such area. Quantum computing is the concept of using quantum physics to enhance a computer’s ability to perform calculations. Certainly, advancements in quantum computing could also be leveraged to develop new attack vectors, says McClurg.

Above all, the Blackberry executive warns that Quantum computing has the “potential to break public-key cryptography”. In other words, security information stored by intelligence agencies will easily be decrypted in just a few years, through a powerful quantum computer. A definite cause for concern, as highly sensitive data will be open to threat actors and potentially security breaches on a grand scale.


With a massive explosion of high-profile ransomware attacks in mind there could be a huge shift in how cyber insurance and premiums work. As a result, maybe ransomware incidents won’t be covered at all in the future?

Insurers are more than likely to re-examine coverage if the blackmail payouts are reaching millions of dollars, it is just not a viable business for them. On the other hand, if coverage is still offered it is likely they’d impose strict guidelines, and this would determine whether the business would receive a policy payment. Above all, they could force policy holders to

  • adhere to industry-accepted security standards
  • agree to consist employee training

Failure to comply would result in no monies being reimbursed.

Secureworks Senior Director of EMEA Solutions, Ritesh Singhai reckons they’ll be a “watershed” moment for insurance providers on the horizon. And this will cause coverage for some threats to be “prohibitively expensive.”

However, if an organisation has no safety net to recoup their losses this could change the company view of their security. In other words, calculated risk of a ransomware attack could see businesses better prepare for the worst-case scenario. And that would be good move for businesses to be thinking about the future in terms of their cybersecurity.

Want insights like this in your mailbox? Join our monthly mailing list

How can we make your business better with IT?