[SoY] 2021 | EN | Story of the first half of the year: Ransomware on the Darkweb

Hotsauce | S2W TALON

SoW (Story of the Week) publishes a report summarizing ransomware’s activity on the Darkweb. The report includes summary of victimized firms, Top 5 targeted countries and industrial sectors, status of dark web forum posts by ransomware operators, etc.

1. The first half of the year Status

• A total of 1152 victim companies were mentioned on ransomware leak sites based on 30 attack groups that had been updated in the past half of the year
• HQ of ransomware victim companies is the highest in the United States, accounting for 54.0% of the total victimized companies
• Among all ransomware attack groups, Conti accounted for 22.0% of the activity, showing the highest activity

1.1. TOP 5 targeted countries

• 2021.01 ~ 2021.06 — Ransomware targeted countries statistics

1. United States — 54.0%
2. France — 6.2%
3. United Kingdom — 5.4%
4. Canada — 5.3%
5. Germany — 4.3%

1.2. TOP 5 targeted industrial sectors

• 2021.01 ~ 2021.06 — Ransomware targeted industrial statistics

1. Service — 10.8%
2. Manufacturer — 9.7%
3. Financial — 7.4%
4. Industrials — 6.7%
5. Healthcare — 6.3%

1.3. TOP 5 Ransomware

• 2021.01 ~ 2021.06 — Ransomware Operators

1. Conti — 22.0%
2. Avaddon — 14.9%
3. REvil — 11.5%
4. Darkside — 6.9%
5. DoppelPaymer — 6.1%

1.4. Monthly statistics

• During the first half of the year, Conti was the most active ransomware with an average of 22.05%

• Homepage: https://www.s2w.inc
• Facebook: https://www.facebook.com/S2W
• Twitter: https://twitter.com/S2W_Official