[SoY] 2021 | EN | Story of the first half of the year: Ransomware on the Darkweb

Malware Analysis
1

Hotsauce | S2W TALON

SoW (Story of the Week) publishes a report summarizing ransomware’s activity on the Darkweb. The report includes summary of victimized firms, Top 5 targeted countries and industrial sectors, status of dark web forum posts by ransomware operators, etc.

1. The first half of the year Status

  • A total of 518 victim companies were mentioned on ransomware leak sites based on 34 attack groups that had been updated in the past half of the year
  • HQ of ransomware victim companies is the highest in the United States, accounting for 58.7% of the total victimized companies
  • Among all ransomware attack groups, Revil accounted for 26.6% of the activity, showing the highest activity

1.1. TOP 5 targeted countries

  • 2021.01 ~ 2021.06 — Ransomware targeted countries statistics
  1. USA — 58.7%
  2. France — 6.7%
  3. United Kingdom — 5.1%
  4. Canada — 4.5%
  5. Italy — 2.6%

1.2. TOP 5 targeted industrial sectors

  • 2021.01 ~ 2021.06 — Ransomware targeted industrial statistics
  1. Service — 13.3%
  2. Financial — 7.9%
  3. Manufacturer — 7.0%
  4. Healthcare — 6.2%
  5. Industrial & Others — 4.1%

1.3. TOP 5 Ransomware

  • 2021.01 ~ 2021.06 — Ransomware Operators
  1. REvil — 26.6%
  2. Conti — 13.5%
  3. Pysa — 12.7%
  4. LV — 7.0%
  5. Darkside — 6.3%

1.4. Monthly statistics

  • During the first half of the year, REvil was the most active ransomware with an average of 26.6%.

1.5. The first half monthly comparison vs 2020

  • The number of ransomware victims continues to increase every month compared to last year.
  • In the case of 2021.06, the number of ransomware victim companies increased significantly due to the return of Conti.

[SoY] 2021 | EN | Story of the first half of the year: Ransomware on the Darkweb was originally published in S2W BLOG on Medium, where people are continuing the conversation by highlighting and responding to this story.

Article Link: [SoY] 2021 | EN | Story of the first half of the year: Ransomware on the Darkweb | by S2W | S2W BLOG | Medium