Written by Charlie Osborne – Ransomware is now a primary threat for businesses, and with the past year or so considered the “golden era” for operators, cybersecurity experts believe this criminal enterprise will reach new heights in the future. 

Kronos. Colonial Pipeline. JBS. Kaseya. These are only a handful of 2021’s high-profile victims of threat groups including DarkSide, REvil, and BlackMatter. 

According to Kela’s analysis of dark web forum activity, the “perfect” prospective ransomware victim in the US will have a minimum annual revenue of $100 million and preferred access purchases include domain admin rights, as well as entry into Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) services. 

Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. 

Ransomware infection is no longer an end goal of a cyberattack. Instead, malware families in this arena — including WannaCry, NotPetya, Ryuk, Cerber, and Cryptolocker — can be one component of attacks designed to elicit a blackmail payment from a victim organization. 

Cisco Secure calls current ransomware tactics “double-extortion.” Victims will have their systems encrypted in one facet of an attack, and a ransom note will demand payment, normally in Bitcoin (BTC). However, to pile on the pressure, ransomware groups may also steal corporate data before decryption and will threaten to publish or sell on this information, too, unless a payment is agreed upon and made.  

The European Union Agency for Cybersecurity (ENISA) said there was a 150% rise in ransomware attacks between April 2020 and July 2021. According to the agency, we are experiencing the “golden era of ransomware,” in part due to multiple monetization options. 

This is particularly notable in “Big Game hunting” when ransomware operators will specialize in going after large and profitable companies. 

With this in mind, what can we expect from ransomware operators in 2022? Read On: