Attending InfoSec?

Ransomware 2021 Cyberint Research Report

Ransomware 2021 – The Bad, The Bad & The Ugly


Ransomware remains a growing and increasingly problematic threat to organizations across all industries. Posing a significant and increasing threat throughout 2021, ‘Big game hunter’ ransomware campaigns, orchestrated by highly sophisticated organized cybercriminal groups, continue to compromise and extort high-value ransoms from victim organizations. While statistics related to ransomware activity over the past year differ, all are consistent in identifying a week-on-week increase in attacks. The United States is one of the top targeted countries (Figure 1).

Top 10 countries hit by ransomware for 2021
Figure 1: Top 10 countries hit by Ransomware in 2021

We witnessed an overall number of 2,845 ransomware cases this year, and found that the top three sectors hit by successful campaigns were the Industrial & Energy, Retail, and Finance sectors, respectively (Figure 2).

Figure 2: Number of ransomware cases by sector in 2021
Figure 2: 2021 Number of Ransomware cases by sector

Conti most effective, with 599 successful campaigns, showing dominance in this sector, while Lockbit was right behind with “only” 545 successful campaigns (Figure 3).

Ransomware cases per family for 2021
Figure 3: 2021 Ransomware cases per group

Typically, major ransomware groups utilize ‘steal, encrypt and leak’ tactics, pressuring their victims into paying high-value ransoms to avoid exposure. These groups continue to evolve their tactics, techniques, and procedures (TTP), with new developments and recruitment, undoubtedly fueled by the enormous financial gains being made.

While the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) introduced sanctions against several ransomware threat actors in late 2020, prohibiting US-interests from making ransom payments to individuals or entities on the ‘Specially Designated Nationals and Blocked Persons List (SDN List)’, in addition to countries with other embargoes, these ransomware groups continue to operate and reap financial rewards.

With many ransomware attacks resulting in the widespread encryption of data and systems across victim networks, often leading to significant periods of downtime, unprotected victims may feel inclined to promptly pay ransoms, especially if covered by a cyber-insurance policy, to regain access to their data.


Read the full report:     Ransomware 2021 – The Bad, The Bad and The Ugly


Uncover your compromised credentials from the deep and dark web

Fill in your business email to start