Search
00
GBAF Logo
trophy
Top StoriesInterviewsBusinessFinanceBankingTechnologyInvestingTradingVideosAwardsMagazinesHeadlinesTrends

Subscribe to our newsletter

Get the latest news and updates from our team.

Global Banking & Finance Review®

Global Banking & Finance Review® - Subscribe to our newsletter

Company

    GBAF Logo
    • About Us
    • Profile
    • Privacy & Cookie Policy
    • Terms of Use
    • Contact Us
    • Advertising
    • Submit Post
    • Latest News
    • Research Reports
    • Press Release
    • Awards▾
      • About the Awards
      • Awards TimeTable
      • Submit Nominations
      • Testimonials
      • Media Room
      • Award Winners
      • FAQ
    • Magazines▾
      • Global Banking & Finance Review Magazine Issue 79
      • Global Banking & Finance Review Magazine Issue 78
      • Global Banking & Finance Review Magazine Issue 77
      • Global Banking & Finance Review Magazine Issue 76
      • Global Banking & Finance Review Magazine Issue 75
      • Global Banking & Finance Review Magazine Issue 73
      • Global Banking & Finance Review Magazine Issue 71
      • Global Banking & Finance Review Magazine Issue 70
      • Global Banking & Finance Review Magazine Issue 69
      • Global Banking & Finance Review Magazine Issue 66
    Top StoriesInterviewsBusinessFinanceBankingTechnologyInvestingTradingVideosAwardsMagazinesHeadlinesTrends

    Global Banking & Finance Review® is a leading financial portal and online magazine offering News, Analysis, Opinion, Reviews, Interviews & Videos from the world of Banking, Finance, Business, Trading, Technology, Investing, Brokerage, Foreign Exchange, Tax & Legal, Islamic Finance, Asset & Wealth Management.
    Copyright © 2010-2026 GBAF Publications Ltd - All Rights Reserved. | Sitemap | Tags | Developed By eCorpIT

    Editorial & Advertiser disclosure

    Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

    Home > Technology > 2022 Cyber Security Trends: Ransomware, Extortion, and State Espionage
    Technology

    2022 Cyber Security Trends: Ransomware, Extortion, and State Espionage

    Published by Jessica Weisman-Pitts

    Posted on December 15, 2021

    7 min read

    Last updated: January 28, 2026

    The image illustrates the tense relationship between Guangzhou Automobile Group (GAC) and Stellantis over the proposed increase in stake for their joint venture, highlighting the complexities of foreign investment in China's automotive market.
    GAC reprimands Stellantis over joint venture plans in China - Global Banking & Finance Review
    Why waste money on news and opinion when you can access them for free?

    Take advantage of our newsletter subscription and stay informed on the go!

    Subscribe

    Quick Summary

    2022 will see rising ransomware threats, evolving extortion tactics, and persistent state espionage. Organizations must adopt comprehensive strategies to tackle these challenges.

    2022 Cyber Security Trends: Ransomware and Espionage

    By Jamie Collier, Senior Threat Intelligence Consultant at Mandiant

    2021 will be remembered as a significant year for the cyber security industry. With the pandemic accelerating digital transformation, the threat landscape was in constant flux. Major ransomware attacks demonstrated not just their impact on businesses, but wider society too. As we look ahead to 2022, the only constant in our industry is uncertainty in the cyber realm, but here are a few of our predictions for next year, based on trends we’re already seeing emerge.

    Ransomware 

    The threat of ransomware has increased substantially over the last ten years and intelligence suggests it will continue its upward trend. Given the ever-increasing threat of ransomware and the limited ability of current legislation to hold attackers accountable, the business of ransomware will remain extremely lucrative for the foreseeable future.

    Many ransomware actors operate from locations outside the jurisdiction of international cyber security or extradition treaties from the countries they attack and thus face little or no repercussions for their actions. As such, we expect to see more attacks coming from these groups targeting critical industries, such as law enforcement agencies and healthcare, where the urgency to pay is pitted against the well-being of civilian populations.

    Over the next twelve months it is expected that ransomware victims will continue to pay out millions in attempts to keep their stolen data from being published or rendered unusable. However, as these operations are often carried out by multiple actors, each one performing a specific element of the attack for a fee or a cut of the proceeds, it is becoming more common that some or all of that data gets shared during the operation due to conflict between these actors. The more this occurs, the more organisations will have to rethink the way they deal with ransomware attacks.

    Multifaceted extortion

    Multifaceted extortion is just another tactic employed by cyber criminals to extort payments from victims, which we expect more of in 2022. Traditional ransomware attacks are regularly being combined with data theft operations (where ransomware operators will threaten to leak sensitive data unless a ransom is paid). However, a wide variety of additional extortionary tactics are now increasingly being used. This includes denial of service attacks, ransomware groups contacting media organisations to drum up press coverage of victims, or even directly calling and harassing employees. Our research suggests that attacks such as this are likely to increase, especially as threat actors find new ways to extort victims, such as trying to recruit insiders within their victims or targets.

    With a variety of these extortionary tactics often deployed simultaneously, organisations will need to adopt more holistic strategies in responding to ransomware. In addition to the technical challenges of remediating a network, organisations will also need a communications strategy, covering both external and internal audiences, and a legal plan to deal with data leakage. Crucially, ransomware will increasingly test organisations’ ability to confront multiple challenges in tandem.

    Victims that hire professional negotiation firms during a cyber-attack to help reduce the final amount of the extortion payment, are also expected to suffer greater consequences. Tactics such as this have already been seen in 2021 and they are expected to evolve as threat actors become more business aware as they improve their strategies and learn of the kind of situations their victims most want to avoid.

    Outlook on major state espionage actors: The Big Four

    Russia is expected to maintain an aggressive position as we move into the new year with a  persistent emphasis on targeting NATO, Eastern Europe, Ukraine, Afghanistan and the energy sector. The U.S. government attributed the SolarWinds supply chain compromise incident to Russia, reaffirming the country’s ability to achieve widespread impact and that the level of sophistication and scope of Russian operations will continue to expand. It is also anticipated that supply chain and software supply chain environments will continue to be targets for Russia in 2022.

    Iran will utilise its extensive cyber tools to aggressively promote its regional interests. Information operations attributed by the U.S. to Iran in 2020 and 2021, revealed more forceful and destructive tactics than seen in previous years. Targets will likely continue to be Israel and others in the Middle East. Despite having seen Iran attack victims abroad, we expect it to engage in more internal operations to smother political dissent and  bolster its own interests throughout 2022.

    China looks set to continue to be extremely aggressive, supporting the Belt and Road Initiative using cyber espionage. As the Ministry of State Security (MSS) and the People’s Liberation Army (PLA) have completed much of their restructuring, we will see Chinese operations narrow their focus. As geopolitical tensions continue to rise and attacks become increasingly advanced, it’s likely   we are going to see China flex some of their known but as-yet-unused destructive capabilities.

    North Korea will remain a major player in state cyber operations as despite its geographical, international and financial challenges, it wields significant cyber tools. In the coming year we expect North Korea to flaunt their cyber capabilities to compensate for its lack of other instruments of national power. In 2021, The North Korean cyber structure will continue to promote the Kim regime by funding nuclear ambitions and assembling strategic intelligence.

    Information operations

    Information operations from a host of threat actors taking place within Europe will increasingly overlap with cyber security. Specific concerns related to these campaigns include website compromise, social media compromise, and data theft.

    For example, the Ghostwriter information operations campaign, which has focused on sowing discord within Eastern Europe, has expanded its modus operandi to spread narratives via compromised social media accounts. The security of social media accounts is more important than ever, especially for prominent government officials and journalists. We have also observed at least some components of Ghostwriter influence activity conducted by UNC1151.

    At Mandiant, we feel with a high degree of confidence that UNC1151 has links to Belarus. This is a group that has targeted a wide variety of governmental and private sector entities, with a focus in Ukraine, Lithuania, Latvia, Poland, and Germany. UNC1151 therefore highlights the growing threat of emerging states. This will make it increasingly important to think beyond the usual suspects of Russia, China, North Korea, and Iran. We will also likely see the role of contractors grow as emerging states turn to third parties to ramp up their cyber capabilities as quickly as possible.

    This highlights that the threat landscape is growing in complexity and 2022 could see additional states ramp up their appetite to conduct both cyber espionage and information operations. It is therefore vital that sectors facing an elevated threat from information operations, such as government and the media, implement a security strategy that offers a joined up approach between disinformation threats and cyber security.

    Conclusion 

    Attackers are constantly evolving: they are becoming more sophisticated and changing their approach. Ransomware and espionage activities will continue to pose a major threat and we will continue to see regional and international operations conducted by the Big Four states.

    Despite these nascent trends, it is also worth remembering that much of the security landscape will remain constant. Good execution of the basics, keeping systems up-to-date, and looking out for misconfigurations in cloud and third party infrastructure will all go a long way to keeping organisations secure.

    Organisations have a lot to keep in mind for next year, but staying vigilant will allow them to defend themselves against future threats – and respond to those that inevitably pass.

    Key Takeaways

    • •Ransomware threats are expected to increase in 2022.
    • •Multifaceted extortion tactics are evolving.
    • •State espionage remains a significant threat.
    • •Organizations need holistic strategies for cyber threats.
    • •Ransomware actors are becoming more business savvy.

    Frequently Asked Questions about 2022 Cyber Security Trends: Ransomware, Extortion, and State Espionage

    1What is the main topic?

    The article discusses 2022 trends in cyber security, focusing on ransomware, extortion, and state espionage.

    2What are multifaceted extortion tactics?

    These involve combining ransomware with other tactics like data theft, denial of service, and media manipulation.

    3How is state espionage expected to evolve?

    State espionage will continue with aggressive actions from major actors like Russia targeting strategic sectors.

    More from Technology

    Explore more articles in the Technology category

    Image for Debtist: Digital Debt Collection for Modern Businesses
    Debtist: Digital Debt Collection for Modern Businesses
    Image for Infosecurity Europe launches new Cyber Startup Programme to champion the next generation of cybersecurity innovators
    Infosecurity Europe launches new Cyber Startup Programme to champion the next generation of cybersecurity innovators
    Image for BLOXX Launches ĀRIKI BLOXX at Web Summit Qatar
    BLOXX Launches ĀRIKI BLOXX at Web Summit Qatar
    Image for Engineering Trust in the Age of Data: A Blueprint for Global Resilience
    Engineering Trust in the Age of Data: A Blueprint for Global Resilience
    Image for Over half of organisations predict their OT environments will be targeted by cyber attacks
    Over half of organisations predict their OT environments will be targeted by cyber attacks
    Image for Engineering Financial Innovation in Renewable Energy and Climate Technology
    Engineering Financial Innovation in Renewable Energy and Climate Technology
    Image for Industry 4.0 in 2025: Trends Shaping the New Industrial Reality
    Industry 4.0 in 2025: Trends Shaping the New Industrial Reality
    Image for Engineering Tomorrow’s Cities: On a Mission to Build Smarter, Safer, and Greener Mobility
    Engineering Tomorrow’s Cities: On a Mission to Build Smarter, Safer, and Greener Mobility
    Image for In Conversation with Faiz Khan: Architecting Enterprise Solutions at Scale
    In Conversation with Faiz Khan: Architecting Enterprise Solutions at Scale
    Image for Ballerine Launches Trusted Agentic Commerce Governance Platform
    Ballerine Launches Trusted Agentic Commerce Governance Platform
    Image for Maximising Corporate Visibility in a Digitally Driven Investment Landscape
    Maximising Corporate Visibility in a Digitally Driven Investment Landscape
    Image for The Digital Transformation of Small Business Lending: How Technology is Reshaping Credit Access
    The Digital Transformation of Small Business Lending: How Technology is Reshaping Credit Access
    View All Technology Posts
    Previous Technology PostThe Technology that underpins Global Logistics
    Next Technology PostUtilising good data is key to successful live stream analytics