Security provider Blackfog released its 2021 Annual Ransomware Report, showing in 2021 ransomware crews launched a record total of nearly 300 reported attacks, amounting to a 17 percent increase from the prior year. The report assesses ransomware attacks publicly disclosed in 2021 and categorizes them by industry, geography and month occurred during the year. Here are some of the findings:
- Of the 292 attacks, more than 80 percent involved data exfiltration in some form, with records disclosed on the Dark Web, websites and directly to the victims.
- Of those, one-third used botnets and two-thirds used illegal networks. Some 80 percent of ransomware utilized PowerShell to infect victims.
- The U.S. experienced more than 51 percent of ransomware attacks, followed by the U.K. with 10 percent, Canada at five percent and France and Australia each at three percent.
- The top three countries represented two out of every three attacks. In addition, one out of every three attacks exfiltrated data to China (16%) or Russia (12%).
- In 2021, the average size of the target organization hit by ransomware hackers decreased by 31 percent to an average of 15,581 employees compared to 2020, making small- to medium-sized businesses a growth market.
- Ransomware in the retail sector experienced a 100 percent growth, followed by an 89 percent increase in technology, 30 percent increase in healthcare, and 24 percent increase in government as compared to 2020.
- REvil dominated the 2021 landscape early in the year and finished with the highest number of victims, representing 17.5 percent of all attacks.
- The latter half of the year saw a massive increase in the number of attacks from Conti, which finished the year at 16.8 percent of all variants, for an increase of 228 percent over 2020.
- Variants such as Ryuk, Maze Nefilim were virtually eliminated and DoppelPaymer saw a 160 percent decrease in activity.
Blackfog also made five ransomware predictions for 2022:
- Ransomware gangs will rival enterprises in complexity: In 2022, there will be greater coordination between ransomware gangs, double extortion evolving to triple extortion and short selling schemes skyrocketing.
- Companies that pay ransoms will pay in other ways: Consumer trust of organizations that pay the ransom will continue to erode and lawsuits will abound as organizations are thrown under the bus for not doing enough to prevent data exfiltration.
- Our food supply will be compromised: As cyber adversaries continue to focus on making the biggest impact by affecting the most people, the food and agriculture industries will remain an attractive target, with a successful attack crippling our food supply likely in the coming year.
- Cyber insurance providers and security vendors will join forces: With mandatory reporting now in place and a move toward it becoming illegal to pay out ransoms, cyber insurance providers will need to rethink their business models and likely partner with security vendors to build a more lucrative sales model.
- Africa and SE Asia will become cyber contenders: As cyber criminals look to find cheaper labor and technical expertise, 2022 will see new threat actors from Southeast Asia and Africa.
Protecting your servers and computers from Ransomware has never been more important. Taking mitigating steps to prevent Ransomware include updating your software(s), implement endpoint detection and response tools such as Hacker Blocker.