News & AnalysisSecurity

Global Ransomware Crisis to Deepen in 2022, Says Avast Researcher


Cyber security experts from digital security and privacy firm Avast researchers foresee cyber criminals making advancements to ensure the effectiveness of ransomware, a continuation of cryptocurrency scams, heists, and crypto mining malware. They also anticipate attacks abusing companies with work from home policies in place are also anticipated.

Ransomware gangs will step up their game

Studies have reported the total value of suspicious activity related to ransomware in the first half of 2021 was 30% higher than the amount filed for all of 2020. This year, vital businesses such as the Colonial Pipeline, JBS, one of America’s largest beef producers, and Swedish supermarket chain, Coop, were affected by ransomware.

Jakub Kroustek, Avast Malware Research Director predicts the global ransomware crisis to deepen in 2022, with further attacks on critical infrastructure, such as aviation. In order to better target businesses, the researchers believe cyber criminals offering ransomware as a service (RaaS) will improve affiliate models, including adding ransomware designed for Linux, better payouts, and building upon extortion layers.

The Conti ransom gang recently threatened to sell access to the hacked organization in addition to selling or publishing files if a company refuses to pay. Furthermore, attacks are expected to be carried out by company insiders, the researcher says.

“Two years ago, the most successful ransomware gangs began shifting their focus from spray and pray-like attacks on consumers, to focusing on targeted attacks on businesses. We expect this trend to continue, but also anticipate a resurgence of ransomware targeting consumers, with cyber criminals adapting some of the techniques used to attack businesses, like using multiple layers of extortion, such as data exfiltration followed by doxing,” Kroustek mentions.

He adds, “In order to do so effectively, a significant amount of automation will be required to identify valuable data, due to the larger number of individual targets, and their systems being more fragmented data sources. We also wouldn’t be surprised if more and more Mac and Linux users were to fall victim to ransomware, as malware authors have begun to consider these platforms when writing their code, in order to target a wider audience and thus maximize their profits.”

Cybercriminals will continue to collect digital coins

With Bitcoin reaching a new all time high in 2021, Avast experts forecast a continuation of the use of crypto mining malware, cryptocurrency related scams, and malware targeting cryptocurrency wallets, as well as heists on exchanges in 2022.

“Cryptocurrencies, like Bitcoin have risen in popularity over the past years, and experts believe their value will continue to rise in the next few years. Cyber criminals go where the money is and so they will continue to spread mining malware, malware with wallet content stealing capabilities, scams related to the trend, and will continue to carry out heists on exchanges,” says Kroustek.

Work from home will keep company doors open for cyber criminals

While some aspects of public life have returned to normal, or a hybrid version of what society once was pre-pandemic, work from home will likely continue. According to a McKinsey survey from May 2021, office space managers expect a 36 percent increase in work time outside of their offices, after the pandemic. Working from home provides employees and companies benefits, but poor implementation in terms of network security set-ups will continue to put companies at risk.

“Misconfigured VPNs, especially without two-factor authentication, leave businesses particularly vulnerable as they are basically a locked door protecting extremely valuable information that would be better protected with a second lock or in a safe. This scenario gives cyber criminals easy access into a company’s network, if they can either get their hands on login credentials or can crack these,” explains Kroustek.

“Another work from home related risk is employees downloading company data onto their personal device, which may not have the same level of protection as their company issued device.”

Additionally, he predicts audio deepfakes will be used in spear-phishing attacks. Criminals will use deepfake audio to imitate an executive or other employee to convince someone to grant them access to sensitive data or to a company’s network.

“Cyber criminals may have more success with deepfakes audio, because many people are still working from home. This means they cannot either see that the person on the phone is really at their desk typing and not on the phone with them, or they cannot confirm the person’s request by physically going over to them,” continues Kroustek.

How to protect oneself from attacks going into 2022

“No one should assume they are immune to cyber attacks, regardless of the operating system they use and the amount of technical expertise they have, software producers included,” explains Kroustek.

“Supply chain attacks, like the attack on Kaseya that spread ransomware to its clients, happen time and time again and will continue to occur. It is therefore vital devices be protected with security software”.

Patching will continue to be essential when it comes to combating ransomware and other attacks that propagate via unpatched software. Attackers will use vulnerabilities/exploits more frequently, even for commodity malware, like crypto miners, he says.

Computer and mobile users alike should stick to official sites and app marketplaces when downloading software and updates to avoid malware and scams, as well as read reviews carefully to catch any red flags. Moreover, users should avoid clicking on suspicious links, such as links sent from unknown senders, regarding purchases, for example, that they did not make, or related to accounts they do not have, and links that do not match the service being referred to in messages, says the researcher.

Two factor authentication should be applied wherever possible, this applies to consumers and businesses alike, but is especially important for VPN configurations.

Finally, in terms of actions police can take to combat and eliminate the source of attacks, Avast experts foresee Infrastructure as a Service (IaaS) to be used more frequently, with malware authors primarily focusing on their malware, rather than the infrastructure it lives on. This could allow police to take down IaaS, to take down entire operations, sums up Kroustek.

Leave a Response