In the first six months of 2021, global ransomware volume hit an unprecedented 304.7 million attempted attacks exceeding the 304.6 million ransomware endeavors logged for the entirety of 2020.

A new report from SonicWall discovered a record number of attempted cyberattacks in both April and May 2021 but both months were surpassed by June, which had a track record of 78.4 million attempted ransomware attacks.

June 2021 had more than the entire second quarter of 2020, and nearly half the total number of attacks for the year in 2019.

Even if we don’t record a single ransomware attempt in the entire second half (which is irrationally optimistic), 2021 will already go down as the worst year for ransomware SonicWall has ever recorded.


global ransomware volume


Ransomware Ascending

The report was assembled based on information collected by the security firm, which observes and gathers data from global devices including more than 1.1 million security sensors in 215 countries and regions.

The report indicates that the ransomware situation is getting worse all over the world. At the top of the list, Europe fell victim to an alarming 234% spike in ransomware, and ransomware volume increased 180% in North America.

In Asia, ransomware reached a high point in March, then started decreasing regularly. By June, there were only around a fifth as many cyberattacks as there had been three months prior. While ransomware in Asia is still up 59% year so far, it’s at least on a continuous path in the right direction.

Nobody was surprised to see that the U.S. recorded far and away the most ransomware attacks. In fact, as to ransomware volume, out of the 10 countries affected by cyberattacks, the U.S. has suffered nearly as much ransomware attacks as the other nines, but multiplied by four.

But despite already being the country with the most ransomware attacks, their volume in the U.S. still increased by 185%, while ransomware incidents in the second-ranking country, U.K., rose 144%.

The Most Commonly Attacked Industry Is the Government

Without a doubt, the most commonly targeted industry in 2021 is the government, and until now attacks have increased to three times last year’s high point. Every month this year, there have been far more attacks on government clients than any other sector.

By June, government customers were getting hit with approximately 10 times more ransomware attempts than average.

The report also shows that in three out of six months during the first half of this year, the education field saw even more ransomware attempts than the government sector. In addition, SonicWall Capture Labs threat security specialists discovered startling ransomware spikes across healthcare (594%) and retail (264%) entities.


Ryuk, Cerber and SamSam Ransomware Blamed for Most of the Attempts

According to data from the security company, the Ryuk, Cerber, and SamSam ransomware gangs are to be blamed for 64% of all attempted global ransomware attacks. Ryuk alone is accounted for 93.9 million attempts, tripling the number of Ryuk attempts seen in the first six months of 2020.

At the end of 2020, Cerber finished in second place, and up to this point, it’s held onto its spot, with 52.5 million recorded hits in the first half of 2021. While Cerber hits remained fairly constant in Q1, the number of hits nearly quadrupled in April, and by May it had risen to nearly five times the volume seen at the beginning of the year.

SamSam was able to double its volume from 2020 in the first half of 2021 with 49.7 million attempted attacks. In June alone, the ransomware gang was behind 15.7 million cyberattacks.

CEO Bill Conner declared:

“With remote working still widespread, businesses continue to be highly exposed to risk, and criminals are acutely aware of uncertainty across the cyber landscape.”

Malware Drops by Almost a Quarter

According to the report, it seems like the malware days may be over. After consistently recording malware levels of 8 billion every year in the 2010s, the threat type reached its highest point at 10.5 billion in 2018.

Afterward, there have not been more than two successive months of growth at any point, and the general trend has been overwhelmingly down.

But as it will become apparent by reading the rest of this report, less malware isn’t the same as less cybercrime. Instead, it’s a sign that the traditional malware associated with spray-and-pray attacks of yesterday is being abandoned…usually in favor of more specialized, more sophisticated, and more targeted attacks, capable of making criminals much more money and leaving much more devastation in their path.


Some Good News

The report shows that for the first time since 2018, the number of both malicious PDF files and malicious Office files has dropped. At the beginning of 2020, there were nearly as many malicious PDFs as Office files. But over the course of the year, the number of malicious Office files started to rapidly increase.

So far in 2021, as restrictions have eased and people started going back to the office all over the world, malicious Office files have dropped 54%, while malicious PDFs have fallen only 13%.

SonicWall registered a higher volume of cryptojacking in Q1 than any quarter since it began reporting these attacks in 2018. From 51.1 million cyrptojacking attacks in 2021, the number of attacks grew 118% in Asia and 248% in Europe.

The continued rise of ransomware, cryptojacking, and other unique forms of malware targeted at monetization, along with their evolution of tactics, are evidence that cybercriminal activity always follows the money and rapidly adapts to new opportunities and changing environments.


Ransomware Explained. What It Is and How It Works

New Ryuk Ransomware Hacking Techniques Revealed

SamSam Ransomware 101: How It Works and How to Avoid It

What Is Cryptojacking And How To Avoid This Attack

Leave a Reply

Your email address will not be published. Required fields are marked *