This post is also available in: heעברית (Hebrew)

Experts expect that the ransomware attacks industry that flourished during 2021 will consolidate around the most sophisticated groups, to automate more of its attacks, and to shift its focus away from critical infrastructure onto corporate targets.

Last year marked a turning point in the fight against ransomware as the collaboration among law enforcement agencies led to high-profile arrests, and the business of ransomware has become riskier for the criminals. Western law enforcement agencies formed dedicated units, such as Europol’s Joint Cybercrime Action Task Force or the FBI’s National Cyber Investigative Joint Task Force. This led to breakthrough arrests and the seizure of millions of dollars in cryptocurrency.

These efforts are forcing the ransomware ecosystem to change, as Yelisey Boguslavskiy, head of research at security consultancy Advanced Intelligence told But instead of weakening the ecosystem, it may be simply clearing out the less sophisticated groups. “The arrests are clearing the weaker ones, and those who are smart enough not to get arrested, they will keep growing,” he said.

This could give rise to a few, highly sophisticated groups that dominate the ransomware business. However, the bigger these groups become, the more of a target they are for law enforcement. As a result, they are diversifying their methods to avoid detection by using a wider variety of attack vectors. Some ot the groups are automating their attacks or reducing their reliance on affiliates, partner organizations that help identify and infect targets with their malware. 

Looking forward into 2022, the concentration of ransomware gangs into fewer, more powerful cartels means that companies in the private sector should remain on their guard.