[SoY] 2021 | EN | Story of the Year: Ransomware on the Darkweb

S2W TALON

SoY (Story of the Year) publishes a report summarizing ransomware’s activity on the Darkweb. The report includes a summary of victimized firms, Top 5 targeted countries and industrial sectors, the status of dark web forum posts by ransomware operators, etc.

1. 2021 Ransomware Victim Status

• A total of 2,624* victim companies were leaked on ransomware leak sites by 49 ransomware operators.
• * Deduplicated.
• Company based in the United States are the prime targets for ransomware attacks, accounting for 49.4% of the total victim companies.
• Among all ransomware attack groups, Conti was the most active, accountinged for 18.4% of attacks

1.1. TOP 5 targeted countries

• 2021.01 ~ 2021.12 — Statistics for countries targeted by ransomware

1. United States — 49.4% (1,294)
2. United Kingdom — 5.2% (137)
3. France — 4.9% (128)
4. Canada — 4.8% (126)
5. Germany — 4.7% (122)

1.2. TOP 5 targeted industrial sectors

• 2021.01 ~ 2021.12 — Statistics for industries targeted by ransomware

1. Service — 9.2% (242)
2. Manufacturer — 8.4% (221)
3. Financial — 6.5% (170)
4. IT — 6.2% (162)
5. Healthcare — 5.6% (148)

1.3. TOP 5 Ransomware

• 2021.01 ~ 2021.12 —Statistics of victim companies

1. Conti — 18.4% (484)
2. LockBit — 18.3% (479)
3. Pysa — 6.9% (182)
4. Avaddon — 6.6% (172)
5. REvil — 5.6% (147)

1.4. Monthly statistics

• In 2021, Conti was the most active ransomware operator responsible for an average of 22.05% ransomware attacks each month.

• On average, 219 ransomware victims occurred per month, the highest was in August with 373.

• Homepage: https://s2w.inc/
• Facebook: https://www.facebook.com/S2WLAB/
• Twitter: https://twitter.com/S2W_Official