Ransomware Attacks Are Growing. We Need New Defences


The onslaught of ransomware attacks in 2020 and 2021 proved that current methods of cyber defence are no longer effective. In 2022, we will see a shift in mindset among security leaders and defenders that will help slow the growth of attacks.

Historically, defenders have focused on protecting specific points of entry, tracking a single threat related to criminal activity, such as phishing campaigns, unpatched firewalls, Microsoft Exchange weaknesses and so on. But the introduction and rapid growth of Ransomware-as-a-Service (RaaS) since 2019 has allowed ransomware groups to vastly expand their targets, raising the threat and leaving organisations vulnerable from multiple angles. This makes the traditional defence mindset far less effective.

RaaS allows newer threat actors to easily launch ransomware attacks while giving more experienced groups a chance to profit from their “affiliates”. The affiliate system turned ransomware into a hot-swappable market, enabling syndicates to jump around and use different tactics to gain access to a target’s system. If Conti is shut down, affiliates can jump right to BitLocker. If that is stopped, they can join BlackMatter or any of the other RaaS offerings advertised on underground forums. The fluidity of affiliates – some belonging to multiple RaaS offerings simultaneously – means that ransomware is hard to track using current methods.


In 2022, we will broaden the way we think about ransomware actors. They are not a single homogenous group, but rather a collective of dozens of independent threat actors working collaboratively. Defences will expand to track individual affiliates, irrespective of which ransomware they’re deploying. There is a growing mantra in information security that it is never a good idea to name threat actors after the tools they use because the tools and actors are so fluid. We will finally correct this. 

Though many ransomware threat actors are based in Russia, we have also seen an uptick in attacks emanating from China. The market will continue to diversify as more cyber criminals see ransomware as a lucrative business and the affiliate system makes it easy to enter. From January to July 2021, ransomware attacks came via phishing campaigns, Remote Desktop Protocol, Citrix, Pulse Secure VPN and more, all being used in various ways. The diversity of the attack vectors is vast and the list of vulnerabilities will continue to grow as threat actors’ methods advance and they discover exploitable weaknesses. This requires organisations to take a universal protection strategy, defending all possible entry points rather than devoting resources to blocking what they see as the biggest threat of the moment.


It’s a methodology that’s already being recommended by security experts, and in 2022 this approach will gain momentum, only growing in urgency. Budgetary limitations of companies often make it difficult for multiple large security upgrades to happen quickly and simultaneously, but organisations that opt for incremental changes will leave themselves exposed. By the time one vulnerability is patched, ransomware actors will have found access through another route.

Despite global government acknowledgment of ransomware, there will not be legislation and policy change rapid enough to enforce this defence method. It will be led by organisations as they stop playing whack-a-mole with their security and instead focus on the specific affiliates behind the attacks. Mandiant’s release of its infamous APT1 report in 2004 was the first sign that private organisations were not treating nation state actors as monoliths. Different nation state groups had different skill levels, used different tools and had different goals. We will finally catch up to that mode of thinking with ransomware affiliates in 2022.

After years of bigger, bolder attacks and rising ransom payouts, 2022 promises to be the year leaders across sectors and industries experience a ransomware reality check. When mindsets shift, organisations and the citizens they serve will be better protected.

Get more expert predictions for the year ahead. The WIRED World in 2022 features intelligence and need-to-know insights sourced from the smartest minds in the WIRED network. Available now on newsstands, as a digital download, or you can order your copy online.

More Great WIRED Stories