[SoY] 2021 | EN | Story of the Year: Ransomware on the Darkweb
S2W TALON
SoY (Story of the Year) publishes a report summarizing ransomware’s activity on the Darkweb. The report includes a summary of victimized firms, Top 5 targeted countries and industrial sectors, the status of dark web forum posts by ransomware operators, etc.
1. 2021 Ransomware Victim Status
- A total of 2,624* victim companies were leaked on ransomware leak sites by 49 ransomware operators.
- * Deduplicated.
- Company based in the United States are the prime targets for ransomware attacks, accounting for 49.4% of the total victim companies.
- Among all ransomware attack groups, Conti was the most active, accountinged for 18.4% of attacks
1.1. TOP 5 targeted countries
- 2021.01 ~ 2021.12 — Statistics for countries targeted by ransomware
- United States — 49.4% (1,294)
- United Kingdom — 5.2% (137)
- France — 4.9% (128)
- Canada — 4.8% (126)
- Germany — 4.7% (122)
1.2. TOP 5 targeted industrial sectors
- 2021.01 ~ 2021.12 — Statistics for industries targeted by ransomware
- Service — 9.2% (242)
- Manufacturer — 8.4% (221)
- Financial — 6.5% (170)
- IT — 6.2% (162)
- Healthcare — 5.6% (148)
1.3. TOP 5 Ransomware
- 2021.01 ~ 2021.12 —Statistics of victim companies
- Conti — 18.4% (484)
- LockBit — 18.3% (479)
- Pysa — 6.9% (182)
- Avaddon — 6.6% (172)
- REvil — 5.6% (147)
1.4. Monthly statistics
- In 2021, Conti was the most active ransomware operator responsible for an average of 22.05% ransomware attacks each month.
- On average, 219 ransomware victims occurred per month, the highest was in August with 373.
- Homepage: https://s2w.inc/
- Facebook: https://www.facebook.com/S2WLAB/
- Twitter: https://twitter.com/S2W_Official