Monitoring deep, dark and surface web to detect exposure of your sensitive data, secret projects and initiatives, privileged users, critical systems, IT infrastructure, and more.
Monitoring and alerting of third party data breaches impacting your employees’ emails, usernames, and personally identifiable information.
Assess the risk footprint and security posture of key business relationships to get a handle on external risk introduced through your extended attack surface.

Sign Up for Updates

Digital risk monitoring of key personnel with telemetry and risk metrics. VIPRecon provides broad coverage of social media, deep and dark web, as well as physical threat assessments.
Our Ransomware Response Readiness Assessment, Playbook and Table Top Exercise gives your organization the best chance to survive and recover.
Gain visibility of your digital footprint by reaching into the most active areas of the cyber underground.
Fully managed and tailored Threat Intelligence services that becomes an extension of your current security processes and provides real-time visibility on new threats.
Providing research and investigations into known threats, to save security teams time and stress during a cyber emergency.

Sign Up for Updates

GroupSense offers a comprehensive package of services for assessing and responding to ransomware attacks, including negotiations with threat actors.
Actively researching and monitoring threats from vendors or third-party companies that can affect organizational security.
Monitoring for threats to elections, VIPs, and more on social media to proactively prevent or mitigate digital risk.
Focusing on the threats and risks that matter to your security processes and providing intelligence and insights to prevent or mitigate digital risk.
Taking the next step in security services, by proactively taking down phishing sites or anonymously interacting with threat actors to provide better intelligence.
Active monitoring of your brand's digital assets to protect its reputation and stop further brand abuse from targeting unsuspecting victims.

Sign Up for Updates

Combining your cyber and fraud programs to effectively fight threat actors continually scamming or threatening assets within an organization.
Executives are prime targets for fraudulent activities, but with a proactive approach, any attacks or threats can be neutralized before causing any damage.
Governments, political parties and candidates must all act now to activate cyber threat intelligence services to harden their information security and get ahead of inevitable cyber threats to the election process.
6 min read

Five Ransomware Predictions for 2022

Dec 22, 2021 9:30:00 AM

In 2021, we saw a steady rise in the number of ransomware attacks. It’s projected that global ransomware damage costs will reach $20 billion by the end of 2021. Nearly every week, you hear of a new high-profile catastrophic breach, but organizations of all sizes have been critically impacted by ransomware and cyber threats.

According to a 2021 ransomware report[1], the average cost of a data breach reached $4.24 million per incident- the highest it’s been in 17 years. The rise of ransomware attacks in 2021 came followed by the largest ransomware payout made by an insurance company at $40 million, setting a world record[2].

Ransomware is an ever-evolving threat and will continue to be a grave concern in 2022. Bryce Webster-Jacobsen, Director of Intelligence Operations at GroupSense, shares his predictions on what could be coming in 2022.

Ransomware attacks will continue to increase as we shift into 2022.

We will see a growing number of attacks in 2022 for two reasons:

  1. More Transparency and Reporting: Organizations are coming forward after being attacked. In 2020, the FBI[3] received 20 percent more reports of ransomware. In prior years, ransomware attacks were hidden in the shadows, so it was difficult to know the exact data of the affected organizations. However, public perception of ransomware has changed and there are consequences for not being transparent and reporting an attack. The White House[4] issued an executive order in July that requires U.S. government contractors to report ransomware and other cyber incidents. And after the Colonial Pipeline attack, the Department of Homeland Security[5] issued new requirements for pipeline owners and operators to report cybersecurity incidents.
  2. Profitability: Ransomware will continue to increase for the simple reason that it is profitable. The ransomware ecosystem is a viable model for ransomware threat actors. Demands and payments have been steadily growing year-over-year.

In 2022, we will continue to see an evolution in the ransomware threat actor group landscape.

In 2021, we saw many ransomware groups splinter, fracture and rebrand. We expect this trend to continue. One of the biggest Ransomware-as-a-Service (RaaS) groups to disband in 2021 was BlackMatter. Reportedly they split up due to pressure from law enforcement officials[6].

This will continue in 2022 for a variety of reasons, such as increased law enforcement and/or too many high-profile attacks. Reinvention is a survival skill to many cyber criminals – it is not uncommon to see threat actors from one group morph into another group. In fact, we predict that the most prolific ransomware gang in 2022 doesn’t even exist yet.

Law enforcement will continue to issue high profile arrests and shutdowns on the ransomware infrastructure.

Government agencies have been cracking down on finding ransomware threat actors and bringing them to justice. Recently, the Department of Justice launched a 30-nation coalition targeting threat actors with aggressive tactics. Their goal is to disrupt ransomware threat actors who have previously operated in international safe havens.[7]

Sadly, this just scratches the surface. Organizations need to take ownership of their cybersecurity hygiene and implement incident response plans for the inevitable.

Cyber insurance premiums are going to skyrocket.

We predict there will be an increase in requirements and/or more prerequisites for getting cyber insurance coverage. Ransomware attacks have increased, thus so have cyber insurance claims and losses. It is inevitable the market will shift and insurance brokers will react. In the second quarter of 2021, the average premium for cyber insurance increased 25.5 percent[8]. In May, AXA France suspended cyber insurance reimbursements for its customers in France[9].

Even with increasing rates and premiums, organizations are turning their attention to obtaining cyber insurance policies to cover all their bases. No organization is immune to the current economic state of ransomware. Without insurance, a company must figure out how they're covering not just the actual ransom itself, but all the expenses related to recovery and investigations and incident response.[10]

Threat actors might avoid high-profile attacks and turn to small and medium-size businesses (SMBs).

Threat actors looking for a big payout might be enticed by attacking a high-profile organization. However, when you attack a high-profile organization, it can come with unwanted attention by the FBI and other government agencies. Staying under the radar can pay off in the long run. 46 percent of SMBs have been targeted by ransomware and 73 percent have paid the ransom[11]. SMBs might not have the same sophisticated cybersecurity policies and procedures a larger organization has in place – making them an easier target for threat actors. An attack on an SMB can also be devastating as they might be more willing to pay a ransom because the business impact could cripple an organization.

About Bryce Webster-Jacobsen

Bryce is the Director of Intelligence Operations at GroupSense, a leading provider in Digital Risk solutions. Bryce leads the day-to-day intelligence activities of GroupSense's Analyst and Research teams producing finished, tailored intelligence for our diverse clients.

Prior to GroupSense, Bryce worked in strategic international education initiatives while pursuing OSINT training and investigations, primarily focused on studying extremist movements, as a passion project.


Topics: Blog Ransomware

Written by Editorial Team