MSPs Need to be Prepared to Defend Against Ransomware in 2022

We’re in the midst of a ransomware crisis, with the epidemic intensifying as we head into 2022. Ransomware has evolved from a pernicious threat to a full-blown global problem this year, and channel partners need to be prepared for what’s to come as relentless attackers find new ways to carry out these costly attacks in the new year.

Author: Scott Barlow, global VP of MSP and cloud alliances, Sophos

Ransomware will not only remain prevalent, but become increasingly modular and service based, according to the Sophos 2022 Threat Report. As a result, ransomware will pull other cyberthreats into its business model, like a “black hole,” creating a massive, interconnected delivery system for unloading ransomware onto victims worldwide.

Here are a couple of trends that partners need to keep top of mind as they secure customers against ransomware attacks on the frontlines.

Ransomware-as-a-Service Will Become More Prevalent

Over the last two years we’ve watched a growing “ransomware-as-a-service” (RaaS) trend, wherein malware developers create ransomware packages and lease them to attackers to do the actual dirty work. This makes it more difficult to determine who is behind an attack since ransomware is sold to multiple affiliates, and different attack groups deploy similar tactics, techniques, and procedures (TTPs) in their attacks. It also means ransomware is becoming more streamlined and profitable for those creating the code, with this new approach requiring less effort end-to-end.

In 2021, RaaS attacks grew more popular than those executed by single ransomware groups. Some of the biggest ransomware attacks of the year, like the Colonial Pipeline breach, were executed by RaaS-enabled groups.

In 2022, the RaaS business model will become even more prevalent. Sophos is already seeing RaaS gangs innovate new ways to break into progressively more well-defended networks, and we expect to see them continue down this path in the year to come.

Extortion-Style Ransomware Will Become More Severe

An independent survey commissioned around the state of ransomware in 2021 found that while extortion-only ransomware made up a relatively small share of overall ransomware attacks, it was quickly on the rise, more than doubling from 3% of all attacks the previous year to 7%. Expect this to get worse in 2022.

The tactic is simple. The attacker steals and copies the data and threatens to release it publicly or auction it on the dark web unless a ransom is paid. Rather than locking data up so that organizations can’t access it, attackers threaten to make it all public. For some, this is mortifying; for others, in industries like healthcare for example, it can put their business at risk of regulatory breaches.

These tactics are picking up traction, and based on their past success, we expect them to be leveraged more often in 2022.

Staying a Step Ahead

MSPs need to follow these best practices to protect their customers and themselves:

  1. Assume every customer is a target. Ransomware attackers don’t rule out any targets. Be proactive and have your defenses at the ready.
  2. Back up customers’ data and don’t pay the ransom. Despite paying ransoms, only 65% of encrypted data was restored, making data backups crucial to ensure no data loss.
  3. Use a layered defense strategy. As extortion efforts become more sophisticated, blocking attackers from as many points as possible becomes even more urgent to keep data secure.
  4. Deploy both anti-ransomware tech and human experts. Humans can’t possibly sift out ransomware attack attempts at the scale needed, and automated anti-ransomware technology can’t snuff out TTPs like humans can. Utilize both human and tech power in your cybersecurity plan. And, if you don’t have security specialists in house, make sure you partner with an organization that does.
  5. Have a malware recovery plan. Set up an incident response plan before becoming one of the 37% that are hit with ransomware attacks.

Scott Barlow is vice president, Global MSP and Cloud Alliances, at Sophos. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.