Numbers of the last Q in 2021: 722 distinct attacks of 34 ransomware

Hundreds of attacks in one quarter of the year alone include prominent ransomware like LockBit or Conti

More than 34 ransomware versions deployed in 722 attacks over the last quarter, research shows

Ransomware, reported, was a very active threat in the last quarter of 2021. Threat analysts show that there were 722 attacks that deployed 34 different ransomware variants.^[1] This amount of activity creates issues for the malware researchers and defenders because there are too many threat actor groups that need to be monitored. LockBit 2.0, Conti,^[2] PYSA, Hive virus, and other ransomware threats emerged and kept being the most prevalent strains.^[3]

It is shown that attacks managed to increase by 110 and 129 when compared to the second and third quarters. The period between October and December 2021 analysis shows that LockBit ransomware with the particular 2.0 version was responsible for at least 29% of those reported incidents. Followed by the Conti group with 19% and PYSA at 10.5%.

Attacks impacting the consumer and industrial products sector rose by 22.2% from the third quarter of 2021, making it the most-impacted sector during the fourth quarter

The more targeted sectors remain industrial products, manufacturing, and real estate, as it was previously noted that threats move to manufacture and professional services more nowadays.^[4] However, threat actors still aim to corrupt machines and systems related to media and telecommunications, energy, public sectors or financial services, or even nonprofit entities.

The US remains the most impacted country for most of these major threats

The most targeted region of such ransomware threats is North America and it is more than half of the regions targeted by the particular massive groups like Conti ransomware.^[5] Then comes Europe with 30% of the attacks, and only the 20% is left for the rest of the world.

Breaking down to countries, the most affected are the US, Italy, Germany, and France, Canada for the LockBit 2.0 ransomware. Other strains show similar targets, while Conti mainly targets the US, Germany, and Italy. PYSA and Hive ransomware also mainly aims at devices in the United States.^[6]

The change of the particular targets and industries might be affected by the particular period of time this analysis is conducted because Cyber Monday and Black Friday, Christmas might affect ransomware creator aims. This shopping season interest might drive threat actors to target consumer and industrial products more during this quarter.

Science and health care sectors still are significant targets of ransomware

While some of the sectors dropped and others raised when compared to previous quarters, some of them left in the same place. Financial services are often targeted by such threats. As well, as the health care and life sciences that significantly rose to the top at the end of the year. This industry might be the more critical target due to the pandemic and virus transmission rates during the winter.

Ransomware often aims to disrupt the operations in such organizations or hospitals directly, firms that deal with serious issues like this. And threat actors have a tendency to do so at the worst time when there is a need for such service. This might be the reason for the quicker solution of payment transfers because organizations have no time to negotiate or investigate the incident of the attack.

It is common for threat actors to corrupt networks of companies during mergers, after big deals. Nevertheless, targeted companies are not willing to pay the ransomware creators nowadays. Even though double and triple extortion methods are more popular. Payments never solve any of the issues and only fuels the financially motivated criminals.