5 Ransomware Predictions for 2022 by Index Engines

HOLMDEL, N.J. — In 2021 ransomware was truly brought into the average family’s home. Their weekend BBQ and gas station fill ups were affected by ransomware. Their nightly news brought talks of Russian hackers and numerous FBI alerts warning of advancing cyberattacks.

Well get ready, because a new year on the calendar is not going to end the disruptions to business operations. The 2021 attacks have been massively successful and profitable, predicting an ugly trend: Ransomware is going to get worse before it gets better, according to the cyber experts at Index Engines, a provider of unstructured data management software for network data, backup tape and governance.

Based on conversations with hundreds of organizations around the world, and studying millions of client cybersecurity analytics through Index Engines’ CyberSense data integrity software, here are five predictions on the path of ransomware in 2022.

Cyber criminals will get smarter

Cyber criminals slipped malicious code into a routine software update in the SolarWinds attack, but that was 2020. Cyber criminals will continue to find new, innovative ways to penetrate the data center and circumvent end-point solutions.

Their goal: do as much damage as possible and make it hard and expensive to recover. In October, ZD Net reported a new strain of malware that can encrypt a corporate system in less than three hours. It capitalizes on the new remote workspaces, breaking in through TeamViewer and deploying within 10 minutes.

Volume of attacks continue to increase

JBS Meats, Colonial Pipeline, Air India and CWT Global made massive headlines and drew record-breaking ransoms. Why would cyber criminals stop now? It’s a lucrative business and attracting more hackers into its criminal enterprise. And now, no hacking skills required. Angry employees, disgruntled patients and anyone with a grudge can command a cyberattack using Ransomware-as-a-Service such as Conti, which already has over 400 attacks linked to it, according to the FBI. It’s truly going to get worse before it gets better.

Attack vectors will get more sophisticated

Cyber criminals are deploying more sophisticated attack vectors and corrupting data in new ways. Lockfile ransomware was brought to light this past July, doing something unique in the field of ransomware, “intermittent encryption.” This method evades detection of many standard detection tools that do not check the integrity inside file content.

Other attack vectors also cause significant destruction while avoiding detection. Jigsaw uses encryption combined with a progressive deletion and CrypMIC corrupts files without changing the extension.  Index Engines expects more attack vectors that corrupt data in sophisticated ways in order to circumvent basic analytics tools.

Backups will be targeted

Again, cyber criminals are trying to do as much damage as possible to make organizations as desperate as possible and demand as much money as possible. Disabling, erasing and encrypting backups will hinder any attempts by organizations to recover. Standard data protection leaves organizations’ backups vulnerable and cyber criminals know it. Among those is Conti, who anyone with funds can elicit, and can execute 160 commands including net stop “Veeam Backup Catalog Data Service” /y which, as it sounds, stops Veeam backups. (Read more here.)

The FBI already warned “Malicious actors have also added tactics, such as encrypting or deleting system backups — making restoration and recovery more difficult or infeasible for impacted organizations.” In 2022, relying on backups that have not been analyzed to recover from a ransomware attack is no longer a viable strategy.

Organizational down time will increase

Average down time is now 23 days, up by two days in 2021. This will continue to increase causing considerable disruption to businesses and infrastructure. Forget the ransom, that’s only the beginning. Days and weeks of employee work are gone, orders can’t be processed, labor is delayed, cattle can’t be fed… and if an organization is trading publicly. the damage to their reputation is irreparable.

The post 5 Ransomware Predictions for 2022 by Index Engines appeared first on Security Sales & Integration.



from News – Security Sales & Integration https://www.securitysales.com/emerging-tech/cybersecurity-tech/pansomware-predictions-2022-index-engines/
via IFTTT

Comments

Post a Comment

Popular posts from this blog

Total Tech Summit Puts Call Out for Top Integrators to Apply Now

Image
FRAMINGHAM, Mass. — Total Tech Summit announces that applications are now being accepted to attend this year’s event. Comprised of the  SSI Summit, CE Pro Summit and Commercial Integrator Summit, this year’s event will take place in Las Vegas at the MGM Grand Hotel and Casino, Nov. 13-15. At this all-expense-paid, exclusive event, VIP guests will have the chance to sit in on industry-defining sessions, key boardroom presentations, and be able to meet one-on-one with potential vendors. Total Tech Summit brings together the best in class to share ideas, learn from others, and most importantly, accelerating the next stage of their businesses. It is the only event of its kind that bridges channels and connections by bringing together professional security, commercial AV and residential AV integrators. Another perk of the Total Tech Summit is the VIP Peer-to-Peer groups. These group conversations take place throughout the months leading up to the event and are guided by the editors of t
Read more

Top 10 Security Stories From October 2021: China Ban Gains Steam, Vivint Countersues ADT

October saw its fair share of legal issues and acquisitions. This month, lawsuits involved home security companies, a gunshot detection provider and even a media company. Vivint Smart Home is seeking retribution for the lawsuit ADT filed against it last year that alleged Vivint salespeople go to ADT customers’ homes, get them to sign Vivint contracts and install the company’s alarm systems in their homes under false pretenses. Vivint had requested a motion to have that lawsuit dismissed, but when the judge denied the motion, Vivint launched a countersuit claiming it is in fact ADT that is deceiving and stealing its customers. Gunshot detection provider ShotSpotter filed a lawsuit against media company Vice, alleging it is profiting off of fabricated claims. Vice has been critical about ShotSpotter’s technology in a multitude of articles. Though not a lawsuit, Dahua and Hikvision continue to feel pressure from the U.S. government as it considers a new measure that would make it imp
Read more

Minnesota AG Calls for Cancellation of Home Security Contracts for Alleged Fraud

STEARNS COUNTY, Minn. — Bring Me the News reports that Minnesota’s Attorney General, Keith Ellison, says he’s gotten consumers in Stearns County out of home security contracts after they were misled by a door-to-door salesman. According to the report, Ellison’s office announced that home security companies Skyline Security Management and Safe Home Security have agreed to their cancel contracts with customers in and around Stearns County who purchased their systems from door-to-door salesman Gary Harvey. “Door-to-door salesmen and their employers are in the business of trust-building,” Ellison said in a statement. “They know they need to have your trust to sell you their products, particularly expensive products like security systems that are supposed to keep your home safe. When that trust is betrayed, it’s emotionally and financially painful. I appreciate Skyline and Safe Home taking the right step in canceling these contracts while my office does what we can under the law to hold M
Read more