Ransomware attacks have become depressingly common – and new data shows just how frequent they can be. Cybersecurity company Cyberint recently released its analysis of the number of ransomware attacks it saw across its visibility.
The results? An overwhelming number of attacks targeting the United States. Of 2,845 ransomware attacks Cyberint witnessed over the 12 months of 2021, 1,352 of them hit victims in the United States. The US’s prevalence of ransomware attacks was so great that it outstripped nearly tenfold the next most victimized country, France.
In all, 48% of ransomware attacks tracked by Cyberint hit the United States. Industrial and energy, retail, and finance industry businesses were among the most threatened sectors. The victims included companies big and small, but many of them are recognizable names to those who have monitored news headlines over the last year. The cyberattacks on the Colonial Pipeline, JBS Foods, and Kaseya all feature – as do state-sponsored attacks launched against US government entities.
“Ransomware attacks rose significantly against businesses and government entities in 2021, a trend likely to carry on to 2022,” says Vilius Kardelis of Atlas VPN, which also analysed Cyberint’s research. “While organisations are scrambling for more cybersecurity resources, educating your employees about the best cyber defence practices is just as important.”
Industry and energy worst hit
Not every business sector is created equal, and the rewards that cybercriminals can reap for hitting certain areas are greater than for others. For that reason, the breakdown of which areas of business were hit most frequently by ransomware attacks is unsurprising.
Most often hit were the industrial and energy sectors, which suffered 599 ransomware attacks globally in 2021. Cybercriminals can use their might to disrupt usual gas and electricity flow and cause shortages by attacking energy infrastructure – which makes them a lucrative target because the victims are increasingly likely to pay up if real life is disrupted.
Threat actors also chose businesses in the retail industry as targets in 545 ransomware attacks last year. Once more, the high-stakes environment of their line of business makes them an easy target. Ransomware attacks against retail businesses are often timed to happen when they are most vulnerable, such as during the Black Friday or Christmas sale seasons.
The finance industry also found itself on the wrong end of 355 ransomware attacks from cybercriminals during the previous 12 months, according to the analysis. The benefits of this for cybercriminals are obvious: hackers perceive financial organizations to be wealthy, thus making them potential targets with high payout opportunities. Even if the victims decide to hold firm and not pay the ransom, the data that is obtained can often be sold on at a lucrative profit – or can be used itself to break into bank accounts from which cash can be exfiltrated.
The healthcare sector is one area that ransomware attacks have often steered clear of. While it does feature on Cyberint’s list of the top 10 most frequently attacked sectors, it comes in at number eight – with 121 attacks launched in 2021. Generally, hackers have few qualms about who they hit, but they do try to stay away from healthcare – particularly during a pandemic.
The ransomware strains deployed in attacks were dominated by two key players in the cybercriminal world. Nearly 1,000 attacks in all were launched using either the Conti or LockBit ransomware family – unsurprising, given their ubiquity around the world and their ability to lock up information and infiltrate systems undetected. The lessons learned for 2022 may be obvious: try to be conscious of the risks of ransomware – and do all you can to avoid it – and for law enforcement, trying to cut the head off the big beasts of ransomware may be one way of leveling the playing field.