Ransomware Attacks in 2022 – Things are NOT Getting Better: A Call to Arms

Jason Weiss
Faegre Drinker Biddle & Reath LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Faegre Drinker Biddle & Reath LLP

The success of ransomware attacks in 2021 has only emboldened cyber threat actors around the globe to continue these nefarious attacks on innocent victims. Ransomware attacks are only going to be growing in 2022. This conclusion comes from a recent international partner advisory (Advisory) jointly issued by The Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the NSA.

The Advisory details the top trends seen throughout the international community in the growth of ransomware attacks:

  • Increased phishing attacks
  • Use of stolen remote desktop credentials and brute-force attacks
  • Growth in cybercriminal services for hire
  • More cyber threat actors sharing information about target victims
  • More diverse attack matrixes, including cloud services, industrial processes and the software supply chain
  • Increased numbers of attacks on weekends and holidays

Another major trend leading to the growth of ransomware attacks in 2022 appears to be the explosion of Ransomware as a Service offering by ransomware gangs across the globe. As discussed here, ransomware gangs are “franchising” their ransomware tools and techniques to less organized or less skilled cyber threat actors, leading to a tidal wave of new ransomware attacks.

Finally, CISA notes that many of these new ransomware attacks are also specifically targeting critical infrastructure industries throughout the United States. CISA states that ransomware attacks have focused predominately on 14 of the top 16 of these industries, with major attacks against these critical industries:

  • Communications
  • Emergency water services
  • The energy sector
  • Financial services and
  • The healthcare sector

According to Data Breach Today, there are defenses that can be employed in this battle:

  • Keep all operating systems and software fully patched and up to date
  • Lock down and prohibit remote access
  • Train users to better identify and prevent cyber-attacks, especially phishing attacks
  • Have fewer users with administrative access and privileges on the network
  • If you use a Linux-based system, lock it down and ensure that there are “defense in depth” protections in place
  • Ensure that you have implemented and are using multifactor authentication (MFA) wherever possible and
  • Protect cloud data by ensuring the use of MFA and encrypt data stored in the cloud

Another interesting defensive possibility may be a greater use of Zero Trust Architecture (discussed here). There is strong momentum for Zero Trust as a means of slowing and even combatting new ransomware attacks. We will be discussing this in more detail in an upcoming blog.

2022 promises to be an even more dangerous and expensive year than 2021 when it comes to defending against ransomware attacks. The time has come to become proactive in this battle — don’t wait to be a victim.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Faegre Drinker Biddle & Reath LLP | Attorney Advertising

Written by:

Faegre Drinker Biddle & Reath LLP
Faegre Drinker Biddle & Reath LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Faegre Drinker Biddle & Reath LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide