Skip to content

Discerning Data

  • About Us
  • Additional Resources
  • Contact Us

DISCERNING DATA

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

  • Privacy
  • Cybersecurity
  • Data Strategy
  • Disruptionware

Ransomware Attacks in 2022 – Things are NOT Getting Better: A Call to Arms

Share

The success of ransomware attacks in 2021 has only emboldened cyber threat actors around the globe to continue these nefarious attacks on innocent victims. Ransomware attacks are only going to be growing in 2022. This conclusion comes from a recent international partner advisory (Advisory) jointly issued by The Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the NSA.

The Advisory details the top trends seen throughout the international community in the growth of ransomware attacks:

  • Increased phishing attacks
  • Use of stolen remote desktop credentials and brute-force attacks
  • Growth in cybercriminal services for hire
  • More cyber threat actors sharing information about target victims
  • More diverse attack matrixes, including cloud services, industrial processes and the software supply chain
  • Increased numbers of attacks on weekends and holidays

Another major trend leading to the growth of ransomware attacks in 2022 appears to be the explosion of Ransomware as a Service offering by ransomware gangs across the globe. As discussed here, ransomware gangs are “franchising” their ransomware tools and techniques to less organized or less skilled cyber threat actors, leading to a tidal wave of new ransomware attacks.

Finally, CISA notes that many of these new ransomware attacks are also specifically targeting critical infrastructure industries throughout the United States. CISA states that ransomware attacks have focused predominately on 14 of the top 16 of these industries, with major attacks against these critical industries:

  • Communications
  • Emergency water services
  • The energy sector
  • Financial services and
  • The healthcare sector

According to Data Breach Today, there are defenses that can be employed in this battle:

  • Keep all operating systems and software fully patched and up to date
  • Lock down and prohibit remote access
  • Train users to better identify and prevent cyber-attacks, especially phishing attacks
  • Have fewer users with administrative access and privileges on the network
  • If you use a Linux-based system, lock it down and ensure that there are “defense in depth” protections in place
  • Ensure that you have implemented and are using multifactor authentication (MFA) wherever possible and
  • Protect cloud data by ensuring the use of MFA and encrypt data stored in the cloud

Another interesting defensive possibility may be a greater use of Zero Trust Architecture (discussed here). There is strong momentum for Zero Trust as a means of slowing and even combatting new ransomware attacks. We will be discussing this in more detail in an upcoming blog.

2022 promises to be an even more dangerous and expensive year than 2021 when it comes to defending against ransomware attacks. The time has come to become proactive in this battle — don’t wait to be a victim.

The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.

About the Author: Jason G. Weiss

Jason G. Weiss leverages a past career as a cybersecurity and computer forensics Supervisory Special Agent with more than 22 years of decorated service at the FBI to guide clients through the complex and high-stakes issues associated with cybersecurity incident preparedness and response and compliance. View Jason's full bio on the Faegre Drinker website.

Receive Email Alerts to New Articles

SUBSCRIBE

February 16, 2022
Written by: Jason G. Weiss
Category: Cybersecurity
Tags: CISA, ransomware, zero trust architecture

Post navigation

Previous Previous post: SEC Proposes New Cybersecurity Risk Management Rules for Registered Investment Advisers, Registered Investment Companies and Business Development Companies
Next Next post: Capping Cyber Casualties: Steps to Avoid Cyberattacks Flowing From Hostilities in Ukraine

Search the Blog

Sign Up for Email Alerts

PODCASTS

Faegre Drinker on Law and Technology

©2023 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

  • About Us
  • Additional Resources
  • Contact Us
We use cookies to improve your experience with our website. By browsing our site, you are agreeing to the use of cookies. For more information about how we use cookies, please review our privacy policy and cookie policy. OK
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT