Ransomware Attacks Decline But Malware Is Up in 2022: New Cyber Security Report

Posted on Sep 5, 2022 | BLOG


Cybersecurity firm SonicWall has released its 2022 mid-year report on cyber threats, and the results are a mixed bag.

Ransomware is a perfidious type of malware that has plagued crypto owners for years, thanks to the multitude of attack vectors that reside on users’ computers and other personal devices.

Usually a highly visible cyberattack that causes huge disruptions for the victim unless they pay,  ransomware has also picked up an unfair association with crypto, as affected parties normally need to pay in cryptocurrencies like Bitcoin or Monero to unlock their devices. 

While ransomware attacks have globally declined overall during a market downturn after record theft in 2021, malware attacks are on the rise, with a worrying surge in Internet of Things (IoT) cases.

Moreover, there’s a 63% rise in ransomware in Europe, despite a global drop of 23%. What is concerning is that ransomware attacks in the first half of 2022 have already netted more than the total tallies in 2017-2019. 

Let’s take a closer look at the report and see where the trendlines appear to be headed.

What is Ransomware?

Ransomware is a constantly evolving type of malware (malicious software) that encrypts a user’s digital files on a device, making it impossible to use any files and/or associated systems. Following this, bad actors will then contact the user and demand a ransom in exchange for the decryption key.

Slower year for ransomware due to economy

Q2 2021 saw ransomware reach its highest levels ever, hitting $181 million. But while 2021 turned out to be a record-breaking year for ransomware, it now appears to be on the decline – at least for the moment. According to SonicWall threat detection and response specialist Immanuel Chavoya, the reason may have something to do with the state of the economy, particularly cryptocurrency, as there seems to be a correlation in line with crypto markets.

Businesses less willing to pay

The willingness of impacted businesses and organizations to pay out hefty sums to ransomware attackers has also seen a drop. In the first quarter of 2022, less than half of the victims were willing to pay. This is a steep fall compared to the same period in 2019, when it was 85%.

“Silent” malware on the rise

At the same time, malware attacks have been increasing, with 2.8 billion recorded in the first two quarters, an uptick of 11%. The trend marks a turn from recent years, where malware had been on a slight decline. The surge is mostly attributable to cryptojacking and IoT (Internet of Things) malware, per the report.

The reason for this is that ransomware is a very visible form of malware that requires the attacker to communicate with the victim and strongarm them in order to extract payment, possibly leaving a digital trace for law enforcement to find. It’s also getting easier for IT specialists to crack specific ransomware viruses.

‘Silent’ malware like cryptojackers, trojan viruses and phishing scams are more subtle and less likely to expose the bad actor. By the time the victim discovers the malware attack’s results, it’s normally too late to do anything about it. 

European Cybercrime and Russia’s Invasion of Ukraine

While ransomware attacks against entities in North America have so fardropped by 42% this year, Europe has experienced a 63% increase. Countries like the US and UK – typically popular targets for cybercrime – have seen a decline in 2022.

This is at least in part due to Russia’s invasion of Ukraine, according to US Cyber Command and NSA Cybersecurity. The two agencies claim that Russian cybercriminals, who make up an inordinate percentage of the world’s total, are likely too honed in on Ukraine to pay as much attention to their usual targets.

Although Russia denies involvement in cybercrime, two-thirds of the world’s state-sponsored cyberattacks in recent years can be linked to the country, per the report. Indeed, 74% of global ransomware revenue last year – around $400 million – flowed into the hands of Russian-affiliated groups.

SonicWall chalks up the reconfiguration in the priorities of cybercriminals to a number of factors, including falling crypto markets, supply chain woes, government sanctions, and infrastructural bottlenecks.

Malware Variants

Since 2018, SonicWall has been using something called Real-Time Deep Memory Inspection tech (RTDMI), which detects fresh variants in malware. The technology has led to a 20x increase in new variants being tagged.

This year, a record was set in the first quarter when nearly 150,000 new variants were found. That number rose to 270,000 by the second quarter, a 45% increase year-on-year. The leading three ransomware families – Ryuk, Cerber, and SamSam – made up 62% of last year’s total.

Internet of Things (IoT) Attacks Surge

Given that the adoption of IoT is really just getting started, it should come as no surprise that hackers are increasingly looking to manipulate the devices that line the interiors of homes and offices.

In the first two quarters of this year, IoT malware attacks rose by 77% globally – a total of 57 million attacks, which was nearly the same as all of 2021. In North America, that figure was even worse, with a 228% jump. Asia, by contrast, only saw a 74% increase, slightly below the global average. Meanwhile, Europe actually saw a decline, with IoT malware attacks dropping by 19%.

Encrypted Attacks

Encrypted attacks – when hackers take advantage of encrypted tunnels used to secure data to deploy malware – rose 132% year-to-date between January and July, nearly breaking records. North America saw an unusually large upswing in this category, with a 284% increase.

Nevertheless, the percentage of customers who were targeted fell from the Q1 to Q2, indicating that while the total volume of attacks was climbing, it might be impacting fewer victims.


Cryptojacking, which is a form of attack where hackers take over a target’s computer and force it to mine cryptocurrencies such as Bitcoin, rose 66.7 million by volume in Q1 and Q2, a 30% increase year-on-year.

Despite this troubling rise, it would have been worse if not for the crypto crash of last spring. The market downturn lowered the incidence from last January’s all-time, where volume reached 18.4 million.

Cybercrime Predictions

Noting that Russia’s invasion of Ukraine, as well as law enforcement activities, had caused ransomware attacks to drop so far this year, SonicWall CEO Bill Conner lamented that the respite was likely temporary and that hackers would revise their tactics.

“I think in the next six to 12 months … you’re going to see ransomware come back strong as the state of affairs settle into whatever this new norm is.”

He added that since most tech companies now make their CVEs (common vulnerabilities and exposures) public, the issue has become about ensuring entities perform patches in time to close the windows on bad actors – who of course also read the CVEs.

Conner explained that it’s becoming even more crucial for network operators to maintain a siloed infrastructure so as to limit the scope of break-ins when they occur. Network segregation, he continued, is likely to become the new standard sooner rather than later.