Mid-Year Threat Report Shows Massive Increase in Ransomware Attacks

Last month, SonicWall published a mid-year update of its Cyber Threat Report which confirmed there has been a major increase in cyberattacks since 2020. In the first 6 months of 2021, cryptojacking attacks increased by 23%, encrypted threats rose by 26%, IoT attacks rose by 59%, and there was a 151% increase in ransomware attacks compared to the corresponding period last year.

Ransomware attacks have been steadily increasing since Q1, 2020, but the rate of increase jumped considerably between Q1 and Q2, 2021, rising to a Q2 total of 188.9 million attempted attacks: an increase of 63.1% from the previous quarter. In June alone there were 78.4 million attempted ransomware attacks, which is more than the total number of attacks in the second quarter of 2020 and almost half of the total number of attempted ransomware attacks in all of 2019. In total, there were 304.7 million attempted ransomware attacks in the first half of 2021.

“Even if we don’t record a single ransomware attempt in the entire second half (which is irrationally optimistic), 2021 will already go down as the worst year for ransomware SonicWall has ever recorded,” said SonicWall in the report.

Ransomware attacks are mostly conducted in the United States, which accounts for around 73% of all ransomware attempts, but ransomware attacks have been increasing globally. In the first half of 2021, attacks in North America increased by 180% and there was a 234% increase in ransomware volume in Europe. The United States saw a 185% increase and there was a 144% increase in attacks on UK organizations.

Within the United States, certain states have been extensively attacked. Florida was by far the worst affected state, registering 111 million ransomware hits, which is more than the next nine most attacked states combined. There were 26 million attempted attacks in New York, 20 million in Idaho, and 8.8 million in Louisiana.

The most targeted industry – by some margin is government. In 2021, attacks increased to three times the highest point in 2020 and, in June, government customers were hit at around ten times the average rate. The education sector has also been extensively targeted, although attacks on healthcare customers have remained fairly constant throughout the first half of the year.

The biggest ransomware threat in 2021 has been Ryuk ransomware, with 93.9 million instances of Ryuk recorded in the first half of the year, which is three times the level in the corresponding period in 2020. Cerber ransomware was also a major threat, with 52.5 million instances recorded in the first half of 2021. The number of Cerber instances increased sharply in April and May, with May seeing more than five times the number of attempted attacks as January. Two thirds of the 2020 total number of SamSam ransomware attempts were recorded in June alone, when there were 15.7 million attack attempts.

SonicWall says there are several factors that have fueled the increase in attacks. One of the main reasons for the rise is the attacks are extremely profitable for cyber threat actors. Many organizations have paid ransoms to recover files or to prevent the publication of sensitive data stolen in the attacks.

SonicWall says cyber threat actors are also getting better at finding and encrypting backups, making recovery without paying the ransom difficult or impossible. There has also been an increase in data theft prior to the deployment of ransomware, with payments often made to recover data even when valid backups exist to recover files.

It is becoming more common for threat actors to conduct repeat attacks on organizations that have paid the ransom, as there is a god chance that a second ransom will also be paid. Organizations that pay a ransom may also be targeted by other threat groups that have heard that one payment has already been made.

There was some positive news in the report. Malware attacks have declined significantly year over year. SonicWall Capture Labs recorded 2.5 billion malware attempts in the first six months of 2021, which represents a 22% fall from the same period last year. There has also been a decline in the number of malicious PDF and Office files being distributed in spam and phishing emails. The use of malicious Office files declined by 54% in 2021, with malicious PDF files falling by 13%.