Ransomware Attacks Rise Almost 93% in 2021, According to New Research

Global cyber security and risk mitigation expert NCC Group has revealed that ransomware attacks almost doubled in 2021, rising 92.7% year-on-year, according to its 2021 Annual Threat Monitor.

This builds upon a gradual but noticeable rise in ransomware attacks since the COVID-19 pandemic began, with ransomware accounting for 65.38% of all incidents dealt with by our global cyber incident response team (CIRT) in 2021.

Throughout the year, attacks were most commonly targeted at the public (19.35%) and industrial sectors (19.35%), followed by consumer cyclicals (16.13%).

Compiled by NCC Group’s strategic threat intelligence team, the report details the events of 2021 and their impact on the cyber threat landscape, providing an overview of incidents across all sectors and highlighting global trends.

The insights are based on incidents identified by NCC Group’s global managed detection and response service (MDR) and its global cyber incident response team (CIRT).

Remaining consistent with NCC Group’s monthly threat pulses, the most targeted regions during 2021 were North America and Europe, accounting for 53% and 30% of all attacks respectively. v

NCC Group explained that these regions are densely populated with wealthy organizations, which provides an incentive to threat actors that employ a big-game-hunting methodology. The team has highlighted this as the reason for the concentrated ransomware activity in these areas and have predicted that this trend will likely continue throughout 2022 and beyond.v

Trends that NCC Group identified in 2020, such as surges in specific months of the year, were also seen again in 2021. An observable increase in the number of victims was reported until July, which then dropped off before another surge in August, which the NCC Group team have attributed to seasonal and holiday-related fluctuations in cybercrime activity. This would also explain the continued trend of many threat actors once again postponing their activity for the Christmas period in 2021.

The NCC Group team has proposed that the shift in the quantity of ransomware cases will be permanent and that this trend will continue to develop in 2022.

Rise of Conti Ransomware

The most prevalent threat actor noted in the report was Conti, a Russia-based global threat actor that emerged in 2017.

Conti represented 18% of all attacks across the past two years. In line with the general trends, the industrial sector was Conti’s main target, followed by consumer cyclicals and technology, accounting for 33.1%, 21.5% and 7.4% respectively. Similarly, in line with general trends, North American businesses were top on Conti's list of targets, followed by Europe, with 63.8% and 30.2% of all attacks respectively happening in these regions.

Elsewhere, another notable group that highlighted the changing nature of the vulnerability landscape was the Lockbit threat actor. After a brief hiatus and metamorphosis into Lockbit 2.0 in June 2021, the group became one of the biggest contributors to double extortion ransomware in 2021, accounting for 16.4% of the entire year’s ransomware cases. This contrasts their activity in 2020, in which they were absent from the list of the top 10 threat actors.

Matt Hull, global lead for strategic threat intelligence at NCC Group, commented: “Many of the dangers which we first identified at the start of the pandemic have snowballed in 2021, revealing a developing threat landscape with ransomware attacks on the rise. However, despite many clear developing trends, the re-emergence of Lockbit as a prevalent actor highlights that the vulnerability landscape is still ever-changing.

“We need to remain vigilant for new and changing threats in 2022. It is now more important than ever for organizations to ensure that they are protected from the types of attack we have reported in 2021, especially in consistently targeted sectors such as industrials and consumer cyclicals.”

Featured

  • It's Show Time

    I am one of those people that likes to see things get bigger and better. As advertised, ISC West is going to be bigger (more exhibitors) and better (more attendees). It’s show time in Las Vegas. Read Now

    • Industry Events
    • ISC West
  • SIA Releases New Report on Operational Security Technology

    The Security Industry Association (SIA) has released an impactful new resource – Operational Security Technology: Principles, Challenges and Achieving Mission-Critical Outcomes Leveraging OST. Read Now

  • Cyber Overconfidence Is Leaving Your Organization Vulnerable

    The increased sophistication of cyber threats pumped by the relentless use of AI and machine learning brings forth record-breaking statistics. Cyberattacks grew 44% YoY in 2024, with a weekly average of 1,673 cyberattacks per organization. While organizations up their security game to help thwart these attacks, a critical question remains: Can employees identify a threat when they come across one? A Confidence Gap survey reveals that 86% of employees feel confident in their ability to identify phishing attempts. But things are not as rosy as they appear; the more significant part of the report finds this confidence misplaced. Read Now

  • Mission 500 Debuts Refreshed Identity Ahead of Security 5K/2K at ISC West

    Mission 500, the security industry’s nonprofit charity dedicated to supporting children in need across the US, Canada, and Puerto Rico, has unveiled a refreshed brand identity ahead of ISC West. The charity’s new look includes a modernized logo with refined messaging to reinforce Mission 500’s nearly decade-long commitment to serving the needs of children and families in crisis. Read Now

    • Industry Events

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.