[SoY] 2021 | EN | Story of the Year: Ransomware on the Darkweb

S2W TALON

SoY (Story of the Year) publishes a report summarizing ransomware’s activity on the Darkweb. The report includes summary of victimized firms, Top 5 targeted countries and industrial sectors, status of dark web forum posts by ransomware operators, etc.

1. 2021 Ransomware Victim Status

  • A total of 2,624* victim companies were mentioned on ransomware leak sites based on 49 attack groups that had been updated in the past half of the year
    * Remove duplicates and updates that same victims
  • HQ of ransomware victim companies is the highest in the United States, accounting for 49.4% of the total victimized companies
  • Among all ransomware attack groups, Conti accounted for 18.4% of the activity, showing the highest activity

1.1. TOP 5 targeted countries

  • 2021.01 ~ 2021.12 — Ransomware targeted countries statistics
  1. United States — 49.4%
  2. United Kingdom — 5.2%
  3. France — 4.9%
  4. Canada — 4.8%
  5. Germany — 4.7%

1.2. TOP 5 targeted industrial sectors

  • 2021.01 ~ 2021.12 — Ransomware targeted industrial statistics
  1. Service — 9.2%
  2. Manufacturer — 8.4%
  3. Financial — 6.5%
  4. IT — 6.2%
  5. Healthcare — 5.6%

1.3. TOP 5 Ransomware

  • 2021.01 ~ 2021.12 — Ransomware Operators
  1. Conti — 18.4%
  2. LockBit — 18.3%
  3. Pysa — 6.9%
  4. Avaddon — 6.6%
  5. REvil — 5.6%

1.4. Monthly statistics

  • During 2021, Conti was the most active ransomware with an average monthly rate of 22.05%.
  • On average, 219 ransomware victims occurred per month, the highest in August with 373.

[SoY] 2021 | EN | Story of the Year: Ransomware on the Darkweb was originally published in S2W BLOG on Medium, where people are continuing the conversation by highlighting and responding to this story.

Article Link: [SoY] 2021 | EN | Story of the Year: Ransomware on the Darkweb | by S2W | S2W BLOG | Medium