Ransomware Evolution: Anticipating the Next Wave of Attacks

While ransomware has continuously evolved for decades, the recent rise of advanced technologies like artificial intelligence and the Internet of Things instigated a new wave of attacks. How can your organization prepare in time? Here is an overview of how ransomware attacks have changed and what to expect for your business.

The Next Wave of Ransomware Attacks Is Coming

You’re likely aware of the growing threat ransomware groups pose because they target industries indiscriminately. Statistically, your organization has likely experienced at least one of these disruptive attacks in its life span.

While ransomware frequency has steadily risen in previous years, there has been a sharp uptick recently. In the last two quarters of 2022 alone, it increased by more than 50%, reaching 154.93 million instances. These figures suggest another wave of attacks is on the horizon.

How Will Ransomware Groups’ Demands Evolve?

What ransomware groups want is changing, as made apparent by their demands. In 2023, 72.7% of organizations paid the ransom to recover data, up from 49.4% in 2018. As those figures suggest, attackers are growing bolder. With recent technological advances on their side, they’ll likely feel emboldened to ask for more than they ever have before.

4 Major Predictions for Ransomware Evolution

While ransomware continues evolving in unexpected ways, you can leverage trends to predict how they might change. Here are four major predictions for the future of ransomware.

1.    Double-Extortion Ransomware Attacks

The Federal Bureau of Investigation (FBI) recently released a warning on the growing trend of double extortion. Most follow-up attacks occur within 48 hours of the initial one, giving you little time to recover. In addition to encrypting data, they also steal and threaten to leak it, demanding two ransoms in exchange for the decryption key and their silence.

2.    Ransom Groups Escalating Demands

While demands have always been unreasonable, attackers ask for more because they know you are likely willing to pay. The average ransom increased by 73% in 2023 alone. The steep, unexpected expenses associated might be challenging to recover from without cyber insurance or governmental support. 

3.    Emerging Malware Strains

Technological advancements like artificial intelligence (AI) have lowered entry barriers for potential cybercriminals, making it easier for those without technical knowledge to develop malicious code. In fact, the FBI identified a growing number of custom malware strains back in 2022.


While AZORult, LokiBot, NanoCore, Formbook, Remcos, and TrickBot have been top malware strains for over five years — and Ursnif and Qakbot for over a decade — new AI-generated versions are becoming common. Some attackers simply tweak their existing code to prevent detection systems from flagging it.


4.    Smaller Organizations Targeted

You might have noticed how attackers have shifted from targeting enterprises to smaller organizations in recent years. According to Microsoft’s 2023 The State of Cybercrime report, organizations with less than 500 employees experienced 70% of all ransomware attacks from July to September 2022 — mainly because these low-profile incidents attract less attention from authorities and the general public.

Which Industries Will the Next Wave Target?

While ransomware groups have targeted the health care, financial and retail sectors due to the promise of a big payout, they have been silently finding new industries to exploit.


The education sector is becoming a common target. In fact, 80% of elementary and high school institutions were hit with ransomware in 2023, up from 56% in 2022. If this trend continues, students and school faculty risk losing personal data.


Critical infrastructure is another sector ransomware groups have targeted at elevated rates. In fact, out of the 2,385 complaints the FBI received in 2022, 870 involved critical infrastructure. In other words, 36% of the reported ransomware incidents targeted energy, transportation, agriculture, information technology, water, and emergency services.

How to Prepare for the Next Wave of Ransomware Attacks

While the next wave of ransomware attacks may seem daunting, you can implement the following seven strategies to prepare your organization.

1.    Digital Business Automation

Nearly 70% of businesses will automate processes by 2025. Digital business automation increases your organization’s security posture, isolating infected devices and safeguarding systems and data from ransomware groups. You can use it to minimize an attack’s impact automatically.

2.    Leverage Offline Backups

Encrypting offline backups is one of the most effective best practices your organization can leverage. This way, your information assets remain incorruptible, and you ensure you can recover from ransomware incidents swiftly.



3.    Deploy Endpoint Protection

Endpoint protection involves best practices based on the principle of least privilege. It blocks unauthenticated devices from accessing your networks, increases device visibility, and prevents employees from installing unverified applications on their workstations.

4.    Utilize Multi-Factor Authentication

With multi-factor authentication, ransomware groups cannot exploit systems or data even with legitimate credentials. With this tool, you are 99% less likely to get hacked. Plus, brute-force and eavesdropping attacks become less concerning.

5.    Audit User Accounts

Auditing user accounts to remove temporary permissions and delete test accounts prevents ransomware groups from using your organization’s inactive, long-forgotten information. This prevents them from infiltrating your organization and deploying malware.

6.    Use Time-Based Access Controls

You can use time-based access controls to automatically log administrators out of their accounts once enough time passes. This way, ransomware groups cannot take advantage of the C-suite’s forgetfulness to escalate their privileges or launch attacks.

What Is Next for Ransomware?

While there’s a chance ransomware will evolve unexpectedly, trends point to increased ransom demands, new industries being targeted, and smaller organizations becoming more at risk. Fortunately, professionals can protect their workplace by leveraging various business technologies and techniques.

*This article is provided by April Miller from Rehack.

Sign up to receive updates and newsletters from Kobalt.io

Recent Posts

Follow Us