A Look Into the Future of Ransomware

November 04, 2021
a macadam roadbed with 2021 dash 2022 dash 2023 painted on it like a dividing line


Ransomware is the bane of every IT professional. It harms businesses, damages infrastructure and causes chaos for businesses and consumers. In such a volatile threat atmosphere, security professionals are doing everything that they can and innovating new solutions to help businesses stem the tide. However, every IT professional also knows that it’s only a matter of time before ransomware comes calling at their organization.  That’s why it’s essential to analyze ransomware trends to get a sense of what we might be expecting in the future in order to get ready for potential trouble. 


Excerpted in part from our eBook Cracking the RANSOMWARE Code, available now. GET YOUR COPY>>


The Future of Ransomware Looks Bright for the Bad Guys 


Ransomware isn’t going out of style anytime soon. Ransomware danger skyrocketed in the first half of 2021, with an estimated 304.7 million attempted ransomware attacks. The 9th edition of the ENISA Threat Landscape (ETL) report was recently released, giving us a new look at ransomware today and some key indicators for its performance tomorrow. NISA just named ransomware its top threat for the 2020-2021 reporting period, a huge leap on their threat chart; ransomware was in thirteenth place in the previous report.  

Even More Extortion is On the Way 

The report noted a marked increase in double and triple extortion ransomware attacks during 2021, which they define as: “After initially stealing and encrypting sensitive data from organisations and threatening to release it publicly unless a payment is made, attackers also target the organisations’ customers and/or partners for ransom to maximise their profits.” Researchers noted that the threat to leak exfiltrated data has increased significantly, from 8.7% in 2020 to 81% in 2021 Q2. ENISA experts also cautioned that they’re seeing more triple extortion ransomware and beyond, citing research that that describes the use of DDoS attacks as the triple extortion vector resulting in the ransom towards the victim’s client then becoming the quadruple extortion. 

Ransoms Will Keep Growing 

The average ransom amount doubled over the last year. A recent Tripwire report declared that the average ransom paid by organizations has increased by 82% over the already huge demands logged in 2020. The average demand is now a record $570,000 (£414,000), compared with just $170,000 (£123,000) in 2020. A recent record-breaking ransomware demand against Acer reportedly hit $50 million.  ENISA researchers agreed that ransoms have skyrocketed, observing that over just a few months of their tracking, the highest demand made in 2020 more than doubled in 2021. 

Post-Ransomware Costs Will Keep Climbing 

The ETL included the results of a survey conducted across 30 countries that showed that the overall cost of remediating a ransomware attack has doubled in just one year, from $761,106 in 2020 to $1.85 million in 2021. The average downtime of organizations hit with a ransomware attack has also increased from 15 days in Q1 2020 to 23 days in Q2 2021.266. The report also explained that they’re seeing longer-lasting revenue repercussions for businesses impacted by ransomware. A survey of 1,263 respondents reported that 66% of their organizations suffered significant revenue losses due to ransomware attacks 


See how to avoid cybercriminal sharks, phishing & ransomware in Phishing 101. DOWNLOAD IT>>


Ransomware as a Weapon 

In December 2020 the true impact of a massive, precisely targeted nation-state attack was felt by the United States government and many large corporations in the wake of a breach at cybersecurity software giant SolarWinds. A messy tangle of back doors, credential compromise, fake patches, malicious code, business email compromise, phishing, and more was unraveled exposing the alarming fact that likely Russia-sponsored nation-state hackers had been inside US government and defense agency systems for months, accessing all sorts of information. The same group of hackers was also linked to attacks at Microsoft, Cisco, FireEye and more major tech players. This is one of the largest demonstrations so far of ransomware’s use as a tool of espionage, destruction, terrorism or even war

Nation-State Cybercriminals Will Keep Using Ransomware to Generate Revenue 

Ransomware is the most commonly used tool of nation-state cybercriminals, and in nation-state attacks it is often delivered through highly sophisticated spear phishing attacks. and ENISA analysts don’t see the threat of a ransomware attack from nation-state threat actors abating anytime soon. Instead, researchers caution that state-backed threat actors have been learning from their past mistakes, tightening their operations, improving their own security and making a point of leaving no high-fidelity indicators during their intrusions that could give them away. These threat actors aren’t immune to the siren song of profit either, with analysts cautioning “State-backed actors will certainly continue conducting revenue-generating cyber intrusions (in pursuit of strategic objectives or for personal gain) with varying levels of national responsibility.”   

Attacks with Pinpoint Accuracy 

Targeted ransomware attacks are on the rise, growing by an eye-popping 767%, easily dwarfing all other types. Some industries are being battered by an excessive number of sophisticated, targeted ransomware attacks. The banking sector has been getting creamed, with ransomware attacks up by more than 1300%. Healthcare targets have also been under siege. In 2020, 560 healthcare facilities were affected by ransomware attacks in 80 separate incidents. This increase has been especially felt in the APAC region. Recent numbers logged by UK researchers tell a chilling tale as well, with a record-breaking 11% year-on-year increase in attacks against UK targets in Q1 2021. UK businesses encountered 172,079 cyberattacks each, on average, between January and March 2021, the equivalent of 1,912 per day. 


Get on the road to security success with our 5 Steps to Ransomware Readiness infographic! GET IT>>


Uncover the Secret to a Strong Ransomware Defense 


A shocking 50% of IT pros do not believe their organization is prepared to repel a ransomware attack. Graphus can help. Establish a smart defense against phishing and reduce ransomware risk in a flash with automated, AI-powered email security from Graphus. The ideal choice to combat the flood of dangerous phishing email heading for every business, Graphus layers security for more protection with three powerful shields. 

  • TrustGraph uses more than 50 separate data points to analyze incoming messages completely before allowing them to pass into employee inboxes. TrustGraph also learns from each analysis it completes, adding that information to its knowledge base to continually refine your protection and keep learning without human intervention.  
  • EmployeeShield adds a bright, noticeable box to messages that could be dangerous, notifying staffers of unexpected communications that may be undesirable and empowering staffers to report that message with one click for administrator inspection.    
  • Phish911 enables employees to instantly report any suspicious message that they receive. When an employee reports a problem, the email in question isn’t just removed from that employee’s inbox — it is removed from everyone’s inbox and automatically quarantined for administrator review. 

Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus