Cybercriminals carried out a record number of ransomware attacks last year; experts expect more in 2022

It might be a different year, but old threats linger—especially in cyberspace.  An advisory covering the current cyberthreat situation issued by federal agencies and international partners Wednesday outlines a growing threat posed by ransomware that’s expected to continue through 2022. 

“Cybercriminals are increasingly gaining access to networks via phishing, stolen remote desktop protocols, credentials or brute force, and exploiting software vulnerabilities,” the advisory says. Over the last year, especially, “The market for ransomware became increasingly ‘professional’ and there has been an increase in cybercriminal services-for-hire.”

With this expansion of cybercrime into more of an enterprising space, the advisory notes that ransomware groups have begun sharing victim information with each other, including victims’ network access information. They’re also diversifying extortion methods to get around defenses and evolving their practices to best exploit vulnerabilities, such as by targeting public organizations on holidays and weekends. 

And from local school districts to vital infrastructure vendors, cybercriminals have broadened their targets. The advisory highlights that nearly every aspect of the nation’s critical infrastructure was digitally attacked in some way last year, including the emergency services sector, food and agriculture, and government facilities. 

“We live at a time when every government … must focus on the threat of ransomware and take action to mitigate the risk of becoming a victim,” said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), in a statement. CISA, along with the Federal Bureau of Investigation (FBI), the National Security Agency (NSA) and several international organizations including Australia and the United Kingdom collaborated on the advisory. “While we have taken strides over the past year to increase awareness of the threat, we know there is more work to be done to build collective resilience.” 

While action has been taken by federal agencies to make local governments aware of the threat, more education is needed, Easterly said, urging “organizations to review this advisory,” and “take action to strengthen their cybersecurity posture, and report unusual network activity or cyber incidents to government authorities.” 

Among the most effective defense measures that can be implemented by IT administrators is multi-factor authentication, a keystone of the Zero Trust Framework, a digital defense] strategy that’s currently being implemented within agencies and vendors at the federal level. 

Last year, Eva Valesquez, president of the nonprofit Identity Theft Resource Center, said experts in the field observed a shift in the way identity crime is carried out.  

“We may look back at 2021 as the year when we moved from the era of identity theft to identity fraud,” Valesquez said in comments about her organization’s data theft analysis “2021 Annual Data Breach Report.” While the number of attacks increased, so also did their sophistication and complexity, “requiring aggressive defenses to prevent them. If those defenses failed, too often we saw an inadequate level of transparency for consumers to protect themselves from identity fraud.” 

The number of data compromising-attacks (1,862) also increased last year by nearly 70 percent over 2020, according to the resource center’s report. The number represents a 23 percent increase in attacks over the previous all-time high set in 2017 (1,506). At the current rate of increase that’s been documented over the last few years, ransomware attacks—a type of malicious software prevents user access until a ransom is paid and it’s unlocked—are projected to surpass phishing as the number root cause of data compromises by the end of 2022. Phishing is a method of trying to trick human users into releasing sensitive information. 

Looking ahead, Valesquez stressed the importance of maintaining “good cyber-hygiene” as organizations “of all sizes struggle to defend the data they hold.” 

To help local governments connect with national resources, Easterly highlighted a new guide covering cyber incident resources that’s intended to help “anyone at the state and local level to understand how to partner with federal government when facing a major incident.” 

“It is increasingly difficult in this highly digitalized, highly connected world we live in to prevent a cyber-attack from happening,” she said, speaking at the National Governers Association’s 2022 Winter Meeting. “The more you are prepared for it, the more you are able to respond and recover and mitigate risk and damage to your networks the better off you’ll be.”

For more information and to find out more about connecting to resources, visit the federal government’s catch-all cybersecurity website, stopransomware.gov.