Ransomware Trends | Torchlight Security

Understand the current trends in ransomware, from tactics to targets and learn how to protect your business.


Current Trends in Ransomware

Ransomware has been around almost as long as companies, institutions, and governments have been reliant on customer and constituent data. But there are ups and downs in popularity, tactics, and targets that can affect your company’s risk profile. Here are five things you need to know about ransomware that could put your company at risk:

1) Ransomware Threat Actors Are Infiltrating – and Remaining In – Networks

Every day, thousands of individuals and corporations are targeted for ransomware attacks. Traditionally, hackers would make a target organization’s data inaccessible, making it impossible to carry out business operations. Today, hackers can extend malicious behavior to “dwelling,” a prolonged process of gathering personal data regarding a company and its employees.  One example? An employee checks his bank account while at work. The malicious actors can gain access to that personal information because they have infiltrated the work network.

2) Remote Work Makes for More Endpoints and Potential Targets

Many companies saw the shift to remote work in early 2020 and it was seen as temporary. These organizations struggled to implement more permanent (and secure) work from home solutions when the pandemic lasted longer than they expected. Remote work opens up a larger variety of endpoints and devices that employees attempt to use for work purposes. If quality access to a VPN isn’t available, organizations are subject to a remote desktop environment that does not have the network security needed for a robust defense.

3) Despite a Brief Dip, Ransomware is Becoming More Prevalent

Global ransomware costs in 2021 were expected to have reached $20 billion. That’s a huge increase from the $1 billion ransomware criminals were making in 2015. According to the annual Internet Crime Report, the FBI received 2,500 ransomware complaints in 2020, a 20% increase from the previous year. Similarly, the bureau reported the cost of attacks to be about $29.1 million, a 200% increase from the year before. This growth seemed unprecedented during the pandemic and is poised to continue.

The Colonial Pipeline Ransomware event in 2021 temporarily drove many malicious agents underground. The hack, perpetrated by the firm DarkSide, had unprecedented effects across the US east coast, causing sharp spikes in gas prices. However, with this great occurrence came greater scrutiny and government involvement, driving DarkSide and similar threat actors underground waiting until the fear and more intense scrutiny on critical infrastructure lessened. Shortly after the attack, there was a marked decrease in high profile ransomware cases. Companies shouldn’t think of this as the end of ransomware attacks but a shift in the way they are perpetrated.  Malicious actors have shifted their focus away from critical infrastructure for the time being. 

It is anticipated that in 2022 the Ransomware-as-a-service (RaaS) model will see continued growth.  RaaS actors are pivoting to SMBs, which garner less attention, as government involvement in defense of critical infrastructure makes small to medium-sized businesses more attractive. 

4) Increasing Specialization Makes Total Defense Difficult

For many years, specialization in each individual step in the ransomware attack chain has led to increasing difficulty in cyber defense. Firms (like DarkSide) are not only developing SaaS ransomware models, but also specializing in one part of the process. One example involves actors who simply look for a way into networks by phishing for credentials – these specialists then sell that information to others who will carry out an attack.

5) Organizations Should Prepare Before It’s Too Late

Waiting for the next wave of ransomware attacks puts every organization at a disadvantage. If your business needs help with proactive protection against ransomware and other types of attacks, TorchLight is ready to help. TorchLight puts protection into practice and executes various attack scenarios with customers so they are prepared for the worst.