Future of Ransomware: 2022 and Beyond
Throughout 2021, cyberattacks continued to increase, with ransomware accounting for 38% of all breaches in 2021.
So, what does this say about ransomware moving into 2022?
This blog will answer this question and highlight:
- How ransomware looked in the past.
- How ransomware presents today.
- What future ransomware attacks will look like, and how to respond to them.
Ransomware of the Past: 1989-2020
In 1989, Joseph Popp used the post to distribute floppy disks to over ninety countries from a PC Cyborg Corporation. The malware remained dormant until they turned on the PC.
After that, the virus encrypted the files and demanded a payment of $189 (£140) and a further $378 (£280) for the software release.
Since then, ransomware attacks have become increasingly sophisticated, with many targeting larger organisations to get the highest possible ransom payment.
Present Ransomware: 2021-January 2022
In 2021 alone, the Verizon Data Breach Investigations Report suggested that ransomware doubled in frequency over the previous year, accounting for ten per cent of all cyberattacks in the past year.
Attacks on SMBs
As a result, cybercriminals who target SMBs realise that smaller organisations have limited in-house cybersecurity resources, making them more vulnerable than larger organisations that often employ large IT experts teams.
Increasing Sophistication
Gone are the days of Joseph Popp; ransomware wears various faces in the present day. The early signs of sophisticated attacks are harder to detect by IT experts and are therefore capable of more damage than ever before.
An example of this is DarkSide, a cybercriminal group that attacked the Colonial Pipeline in May 2021. The group provides Ransomware as a Service (RaaS) which supplies criminals with the means to launch attacks via admin control panels to payment systems.
Supply Chain Attacks
By 2021, cybercriminals successfully focused their ransomware attacks on supply chains. Attackers gain access via a third party’s compromised system.
On the 2nd of July 2021, a series of supply chain attacks surfaced in thousands of companies throughout 17 different countries.

Prominent Ransomware Attacks in 2021
Kia Motors
DoppelPaymer carried out the ransomware attack in 2021. They threatened to publish exfiltrated data within two to three weeks if Kia Motors didn’t pay 404 Bitcoins.
The attack made Kia Motors have a nationwide IT and phone system outage.
Acer
In March 2021, Acer suffered a REvil ransomware attack and shared some images of stolen files as proof of their breach. The attack demanded £37,232,250.
Colonial Pipeline Company
The Colonial Pipeline was the highest-profile ransomware attack of 2021. The DarkSide group quickly gained access to the system as the business did not use multi-factor authentication.
The ransomware attack forced Colonial Pipeline (responsible for bringing 50% of the US East Coast’s fuel) to pause all operations.

Future of Ransomware: 2022 and Beyond
As ransomware is such a prolific cyber attack, it will not disappear anytime soon. However, as we start 2022, it is time to look ahead to see what ransomware holds for us in the future.
Criminals are now taking active steps to exfiltrate corporate data for increased leverage to
However, ransomware is likely to develop with an ever-evolving threat landscape.
‘Despite the progress, ransomware is not going away in 2022. A robust ransomware defence strategy can only fortify its cybersecurity posture for the enterprise.’
Ransomware Attack Trends in 2022
Ransomware as a Service (RaaS)
Many RaaS services are on the Dark Web on a subscription basis. RaaS enables criminals to launch ransomware attacks by signing up for their services.
It is a common type of CaaS (Cybercrime as a Service) and requires very little technical knowledge.
ENISA (European Union Agency for Cyber Security) experts have even suggested that triple extortion ransomware increases the frequency.
They have cited research suggesting that DDoS attacks as the triple extortion vector are frequently used and even focus the ransom on the victim’s clients, leading to quadruple extortion.
Fraudulent Calls
Back in December 2021, Hellmann had a cyber-attack. After a thorough forensic investigation, Hellman extracted the data from its servers before attackers took its systems offline.
Initial Access Brokers (IABs)
As financially motivated threat actors, initial access brokers work to profit from the sale of remote access to enterprise networks.
They have simplified the attack chain by asking for payment for verified access to a target.
Most initial access brokers gain access primarily through:
- Remote Desktop Protocol (RDP)
- Virtual Private Network (VPN)
- Web shells and remote access software
Final Thoughts
Ransomware remains one of the highest priority challenges for organisations of all sizes and across all sectors in 2022.
As a result, ensuring preventative measures and planning for an attack on your organisation is essential to mitigate risk.
Enjoyed reading our blog on the future of ransomware?
Get in touch with our expert team for more information about how to prevent and prepare your organisation for ransomware attacks!