Lessons Learned from Ransomware in 2022

Education, government, and healthcare were consistently in the top 3 most targeted sectors in 2022 and we don’t expect this to change in 2023. Lack of budget and a general lack of resources and skills shortages make these data rich sectors ripe for the pickings. Ransomware caused massive disruption across hospitals, schools, and local governments around the world in 2022 and we expect this to continue into 2023.

Back when we started tracking ransomware, encryption was the worst thing companies thought could happen. Fast forward to 2022 and encryption has pretty much fallen out of favour with cybercriminals. Previously organizations could rely on backups and refuse to negotiate when it came to ransom demands. In 2022 extortion ruled, cybercriminals know the value of data, and threatening to release it if a ransom isn’t paid was the tactic of choice.

The goal of any cyberattack is data theft and data is the crown jewels for any organization. Whether its intellectual property, patient records, student information or financial data, cybercriminals are intent on acquiring it for extortion. Often, we see double and even triple extortion.

In 2022 healthcare came under massive attack and the list of organizations impacted was extensive. In 2020 some criminal gangs even agreed to a moratorium on healthcare institutions during the pandemic, but in reality, you can’t trust criminals. In any case, the Toronto Hospital for Sick Children was attacked just before Christmas. On New Year’s Eve the notorious LockBit gang issued an apology and a free decryptor to unlock the data. As far as we are aware this is a first for the group.

Cybercriminals always look for the path of least resistance, so smaller organizations, who can be guilty of thinking they have no data worth stealing are still often caught off guard. Every organization has data worthy of theft, and any breach is still a reportable offence. While cybercriminals are financially motivated, they are also motivated by causing disruption. We’ve documented attacks across every sector with companies all of sizes, and ransomware is one thing they all have in common.

When we look at some of the large companies who made headlines in 2022 such as Toyota, Ikea, Vodafone, Cisco and Samsung, it’s pretty clear that perimeter defense solutions which organizations have come to rely on aren’t up to the task of preventing ransomware. These large organizations have large budgets, large security teams and a plethora of security tools, yet they make the victim lists month after month. A key takeaway is that if companies keep doing what they’re doing they’ll keep getting what they’re getting – hit by ransomware! Newer technologies that look at the problem from a different perspective will need to be prioritized in 2023 to prevent successful attacks.

The cost of ransomware goes well beyond the ransom itself, from mitigation, remediation and lost business to regulatory reporting. Now companies must also worry about class action lawsuits. 2022 saw a myriad of these, including: Common Spirit Health; Scripps Health; RackSpace; New York Ambulance Service and Morley Companies to name just a few.

This is true in more ways than one. Firstly, paying the ransom isn’t going to solve all the problems. You may get your data back, you may even get a promise that your data won’t be sold or exposed on the dark web, but you really can’t trust a cybercriminal. Secondly, throwing money at new solutions that tackle the problem in the same way as the other 20 you have in your stack isn’t going to work either. The cyberthreat landscape is constantly changing and so should be your defense. Newer technologies that have been specifically designed to prevent ransomware should be carefully evaluated in 2023.