In 2021 ransomware was truly brought into the average family’s home.  Their weekend BBQ and gas station fill ups were affected by ransomware. Their nightly news brought talks of Russian hackers and numerous FBI alerts warning of advancing cyberattacks.  

Well get ready, because a new year on the calendar is not going to end the disruptions to business operations The 2021 attacks have been massively successful and profitable, predicting an ugly trend: Ransomware is going to get worse before it gets better, according to the cyber experts at Index Engines. 

Based on conversations with hundreds of organizations around the world, and studying millions of client cyber security analytics through Index Engines’ CyberSense data integrity software, here are 5 unsettling predictions on the path of ransomware in 2022.

  1. Cyber criminals will get smarter. We saw cyber criminals slip in malicious code into a routine software update in the SolarWinds attack, but that was 2020. Cyber criminals will continue to find new, innovative ways to penetrate the data center and circumvent end-point solutions. Their goal: do as much damage as possible and make it hard and expensive to recover. In October, ZD Net reported a new strain of malware that can encrypt a corporate system in less than three hours. It capitalizes on the new remote work spaces, breaking in through TeamViewer and deploying within 10 minutes. 
  2. Volume of attacks continue to increase. JBS Meats, Colonial Pipeline, Air India and CWT Global made massive headlines and drew record-breaking ransoms. Why would cyber criminals stop now? It’s a lucrative business and attracting more hackers into its criminal enterprise. And now, no hacking skills required. Angry employees, disgruntled patients and anyone with a grudge can command a cyberattack using Ransomware-as-a-Service such as Conti, which already has over 400 attacks linked to it, according to the FBI. It’s truly going to get worse before it gets better.
  3. Attack vectors will get more sophisticated. Cyber criminals are deploying more sophisticated attack vectors and corrupting data in new ways. Lockfile ransomware was brought to light this past July, doing something unique in the field of ransomware, “intermittent encryption.” This method evades detection of many standard detection tools that do not check the integrity inside file content. Other attack vectors also cause significant destruction while avoiding detection. Jigsaw uses encryption combined with a progressive deletion and CrypMIC corrupts files without changing the extension.  We will see more attack vectors that corrupt data in sophisticated ways in order to circumvent basic analytics tools.
  4. Backups will be targeted. Again, cyber criminals are trying to do as much damage as possible to make organizations as desperate as possible and demand as much money as possible. Disabling, erasing and encrypting backups will hinder any attempts by organizations to recover. Standard data protection leaves organizations’ backups vulnerable and cyber criminals know it. Among those is Conti, who anyone with funds can elicit, and can execute 160 commands including net stop “Veeam Backup Catalog Data Service” /y which, as it sounds, stops Veeam backups. The FBI already warned “Malicious actors have also added tactics, such as encrypting or deleting system backups—making restoration and recovery more difficult or infeasible for impacted organizations.”  In 2022, relying on backups that have not been analyzed to recover from a ransomware attack is no longer a viable strategy.
  5. Organizational down time will increase. Average down time is now 23 days, up by two days in 2021. This will continue to increase causing considerable disruption to businesses and infrastructure. Forget the ransom, that’s only the beginning. Days and weeks of employee work are gone, orders can’t be processed, labor is delayed, cattle can’t be fed… and if an organization is trading publicly. the damage to their reputation is irreparable. 

Additional information about Index Engines is available at