2022 Threat Predictions: Ransomware, Ransomware, Ransomware

Many of the cyber professionals who submitted predictions for the upcoming year seem to think that ransomware will continue to be one of the top threats in 2022.
December 24, 2021
Logo scmedia

Editor's Note: This article was originally published on www.scmagazine.com.

Graduating from being known mostly in the tech and cybersecurity communities, ransomware made the leap into the consciousness of the public at large over the last year, thanks to attacks grabbing mainstream headlines and affecting the everyday lives of a significant number of people.

Many of the cyber professionals who submitted predictions for the upcoming year seem to think that the threat posed by groups infiltrating organizations’ systems and encrypting their data for a handsome payday will continue to be one of the top threats in 2022. Threats to or posed by supply chains, cryptocurrency and nation-states also received mentions from the experts.

But the predictions weren’t all doom and gloom: Some experts noted that cybersecurity may receive more attention from CEOs and boards in 2022, while information sharing will flourish along with ISACs.


Money is the motivator in ransomware attacks, says Mike Campfield, vice president of global security programs at ExtraHop:

"Ransomware will continue to be the largest security issue in 2022. APT actors are the next major threat and that is because they are not as financially motivated. These types of attacks are more multifaceted than ransomware, as it’s not just about financial protection, but also about IP and data protection. Supply chain attacks are the third major concern given the advanced techniques that are now being deployed to easily deliver these types of attacks. They no longer rely on phishing. Attackers can infiltrate the entire supply chain without having to go through the front door. The security problem isn’t going to go away. As long as there's money at the end of it, whether it is someone stealing IP or money, they will always find a way to get it."

The professionalization of ransomware groups, says Archie Agarwal, founder and CEO of ThreatModeler:

Ransomware will continue to rampage, and payments made to criminals by organizations and insurers to decrypt data will continue to rise with it. This pattern will start to raise serious questions as criminal gangs become wealthier, professionalize and use their ill-gotten gains to fund faster weaponization of exploits and buy zero-days off the shelf to gain entry for their next round of ransomware. Due to this lucrative feedback loop, we will hear more stories of criminal ransomware groups with VPs of product and organizational structures mirroring those of legitimate organizations. All these developments will lead to public debate on paying extortionists.”

Ransomware will become the top tactic used in software supply chain attacks and third-party data breaches, says Brad Hibbert, chief operating officer and chief strategy officer at Prevalent:

"After a banner year of high-profile ransomware attacks originating from third-party suppliers (for example Kaseya and others), 2022 will only see more as cybercriminals continue to perfect their attack methods, increase their sophistication and follow the money. Top targets will include third parties that supply goods and services to the automotive, mid-sized banking, and retailing industries due to the criticality of the data and systems they have access to. "

Ransomware defenses need a refresh, says Carolyn Crandall, chief security advocate at Attivo Networks:

“Ransomware defenses must get a badly needed refresh. Ransomware 3.0 is here, characterized by double extortion, where cybercriminals not only encrypt files but also leak information online that can drastically impact everything from the company’s image, profits, and stock price. There’s no longer a one-size-fits-all approach to defending against these attacks. With over 300 variants, stopping ransomware requires a multi-faceted approach. One that starts with protecting Active Directory and privileged credentials. In 2022, organizations will be unable to keep up with understanding how each group operates and instead, will need to improve their visibility to exposures and add detection measures that are based on technique. Setting up traps, misdirections and speed bump lures along the way will also serve as strong deterrents to keep an attacker from being successful." 

Disinformation meets ransomware, says David Etue, CEO at Nisos:

"We have seen the influence of disinformation and coordinated inauthentic activity on elections, the public perception of vaccines, and a range of other topics. We have seen numerous successful ransomware attacks targeting businesses, utilities, and municipalities — and disrupted or shutting down their operations. Given the success of these attacks, it seems inevitable that they will soon merge. No longer will ransomware threats be restricted solely to locking down access to networks. New attacks will emerge where threat actors contact corporations and demand ransom to avoid the use of their sock puppets and inauthentic networks to spread disinformation and lies about their executives, their labor practices, their business associates, or potentially dangerous products. While no company wants to be victimized in this manner, boards and executives will once again have to make the difficult choice of paying the ransom or having their companies and shareholders fall victim to these attacks. "

Phishing attacks grow only more prevalent, with ransomware an ultimate goal, says Ihab Shraim, CTO of CSC DBS:

"Companies will continue to fall to cyberattacks, with the most dangerous types being phishing attacks that lead to ransomware attacks or impersonation fraud that leads to PII theft. Phishing campaigns launched by bad actors capitalize on targeting their attacks based on seasonal holidays and world events (e.g. COVID). In 2022, we will see these types of attacks mostly delivered via targeted email campaigns, as they are using them as an enabler for the next big attack."

Supply chain

Supply chain attacks sightings will peak, says Moshe Zioni, vice president of security research at Apiiro:

“I believe that supply chains will peak in 2022 due to insights from both sides of the coin. For example, on the attacker’s side, cybercriminals will be drawn to supply chain attacks more than ever because of the ease of operation under the ‘black-box’ that those systems provide. With that said, from the defender's side, I foresee that we’ll see more and more solutions, detection mechanisms and practices for different parts of the supply chain that will be present at more enterprises, leading to better detection chances.”

Increase of massive-scale cyberattacks on supply chain, says Jeff Costlow, chief information security officer at ExtraHop:
"Supply chain attackers will take advantage of a lack of monitoring within an organization’s environment. They can be used to perform any type of cyberattack, such as data breaches and malware infections. Supply chain attacks, especially for cloud service providers will become more common and governments will have to establish regulations to address these attacks and protect networks.  We can expect to see more international collaboration between the private and public sectors  to identify and target more threat groups operating on global and regional scales." 

Governments and agencies

Federal agencies will get serious about cyber fundamentals, says James Hayes, vice president of government affairs at Tenable:

“From the Biden administration’s executive order on improving the nation’s cybersecurity to CISA’s directive on remediating high-risk vulnerabilities, security has taken center stage for the federal government in 2021. As a result, 2022 will see more and more agencies hardening their security postures — adopting zero trust, gaining better visibility into attack surfaces, increasing collaboration and more. This will be increasingly apparent among high-risk environments often targeted by foreign adversaries like critical infrastructure and operational technology (OT). Securing our nation’s infrastructure has become more important than ever and agencies will prioritize accordingly.”

The No. 1 security threat for the next five years will be nation-state attacks, says Mark Bowling, vice president of security response services at ExtraHop:

“Campaigns by nation state attackers have the greatest opportunity to damage the safety and security of the people in the U.S. Espionage-style attacks for both economic gain and military gain will increasingly target the U.S. for nation-states to gain leverage over the political sphere. Not only will they increase in number, they will improve their cyber espionage tradecraft. They won’t stop until the U.S. attempts to deter it.  “

Political cyberwar will increase, says Jeremy Ventura, senior security strategist at Mimecast:

“From a political and international relations standpoint, we will see countries, nations and collation entities take a big leap in holding other nation-states that house cybercriminals accountable. Economic, trade, military and manufacturing sanctions will be enforced, potentially causing a ‘political cyberwar.’” 


Governments must regulate crypto to eliminate ransomware, says Andrew Rubin, CEO of Illumio:

"While ransomware is here to stay, there are ways we can deal with the threat. Part of the reason why ransomware attacks have been so pervasive is because of the ability to exchange large sums of money without traceability. If we want to definitively eliminate ransomware, governments must regulate cryptocurrencies to shut down the crypto economy. However, that’s not realistic — there are legitimate economies running on crypto. Until we eliminate or regulate the cryptocurrency economy, we will keep seeing the rise of ransomware into 2022 and beyond."

Crypto regulation will have no impact on cybercriminals, says Anuj Goel, CEO of Cyware:

“The public sector may continue to regulate cryptocurrencies, but it will do nothing more than hinder coins overall. We’ve seen this with Ripple and SEC, which were delisted from all U.S. accessible exchanges, like Coinbase. Despite attempts to dismantle coins and exchanges, threat actors will simply find new digital currencies to carry out attacks.”

Good news?

2022 will be the year of “COVID security cleanup,” says Andrew Maloney, co-founder and chief operating officer for Query.AI:

“When COVID-19 forced organizations to transform their business models practically overnight, companies did what they had to do to keep the lights on and their employees connected in a remote world. They deployed a voluminous number of new technologies in a sprint to sustain operations, and, in many cases, moved so quickly that they were unable to properly address security concerns. This has left CISOs stuck mopping up a big mess: plugging all the security holes introduced by organizations’ rush to digitally transform. Even with CISOs focused on COVID security cleanup, they can only move so fast, and we’re likely going to see significant fallout over the coming years (e.g., security incidents caused by cloud misconfigurations, excessive access rights and shadow IT). That said, it’s not all bad news for CISOs. A side effect of this situation will be that more CEOs and boards will begin to see cybersecurity as a business problem — and CISOs may finally get their long-awaited and deserved seat at the boardroom table.”  

Ransomware regulations will lead to greater information sharing, says James Nelson, vice president of information science at Illumio:

"Historically, organizations have been reluctant to report when they’ve had a breach because it’s been seen as bad press and bad for business. This has led to a huge knowledge gap about attacks. However, as reporting becomes normalized (and/or required), and companies start talking more openly about how they approached a particular breach, other organizations will benefit deeply from their experience in combating these attacks. As organizations and governments realize the need to share information about security incidents, we’ll see it become the norm in 2022. As a result, we’ll begin to chip away at the ransomware business model and limit its impact."

The power of sharing intel, says Anuj Goel, CEO of Cyware:

“ISACS will grow in size and regional information sharing communities will emerge as threat intel transparency becomes a priority for private and public sectors. Information sharing is still considered a fairly altruistic act and requires a culture shift to get skeptics on board. As more businesses offer remote options for employees, it will become imperative for businesses to integrate intel sharing procedures into their company policies. With this, regional B2B information sharing groups will emerge and industry-specific ISACs will continue to flourish as organizations realize the power intel sharing provides defenders.”