S2W BLOG
Published in

S2W BLOG

[SoY] 2021 | EN | Story of the Year: Ransomware on the Darkweb

S2W TALON

SoY (Story of the Year) publishes a report summarizing ransomware’s activity on the Darkweb. The report includes a summary of victimized firms, Top 5 targeted countries and industrial sectors, the status of dark web forum posts by ransomware operators, etc.

1. 2021 Ransomware Victim Status

  • A total of 2,624* victim companies were leaked on ransomware leak sites by 49 ransomware operators.
  • * Deduplicated.
  • Company based in the United States are the prime targets for ransomware attacks, accounting for 49.4% of the total victim companies.
  • Among all ransomware attack groups, Conti was the most active, accountinged for 18.4% of attacks

1.1. TOP 5 targeted countries

  • 2021.01 ~ 2021.12 — Statistics for countries targeted by ransomware
  1. United States — 49.4% (1,294)
  2. United Kingdom — 5.2% (137)
  3. France — 4.9% (128)
  4. Canada — 4.8% (126)
  5. Germany — 4.7% (122)

1.2. TOP 5 targeted industrial sectors

  • 2021.01 ~ 2021.12 — Statistics for industries targeted by ransomware
  1. Service — 9.2% (242)
  2. Manufacturer — 8.4% (221)
  3. Financial — 6.5% (170)
  4. IT — 6.2% (162)
  5. Healthcare — 5.6% (148)

1.3. TOP 5 Ransomware

  • 2021.01 ~ 2021.12 —Statistics of victim companies
  1. Conti — 18.4% (484)
  2. LockBit — 18.3% (479)
  3. Pysa — 6.9% (182)
  4. Avaddon — 6.6% (172)
  5. REvil — 5.6% (147)

1.4. Monthly statistics

  • In 2021, Conti was the most active ransomware operator responsible for an average of 22.05% ransomware attacks each month.
  • On average, 219 ransomware victims occurred per month, the highest was in August with 373.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
S2W

S2W

S2W is specializing in cybersecurity data analysis for cyber threat intelligence.