S2W BLOG
Published in

S2W BLOG

[SoY] 2021 | EN | Story of the Year: Ransomware on the Darkweb

S2W TALON

SoY (Story of the Year) publishes a report summarizing ransomware’s activity on the Darkweb. The report includes a summary of victimized firms, Top 5 targeted countries and industrial sectors, the status of dark web forum posts by ransomware operators, etc.

1. 2021 Ransomware Victim Status

  • A total of 2,624* victim companies were leaked on ransomware leak sites by 49 ransomware operators.
  • * Deduplicated.
  • Company based in the United States are the prime targets for ransomware attacks, accounting for 49.4% of the total victim companies.
  • Among all ransomware attack groups, Conti was the most active, accountinged for 18.4% of attacks

1.1. TOP 5 targeted countries

  • 2021.01 ~ 2021.12 — Statistics for countries targeted by ransomware
  1. United States — 49.4% (1,294)
  2. United Kingdom — 5.2% (137)
  3. France — 4.9% (128)
  4. Canada — 4.8% (126)
  5. Germany — 4.7% (122)

1.2. TOP 5 targeted industrial sectors

  • 2021.01 ~ 2021.12 — Statistics for industries targeted by ransomware
  1. Service — 9.2% (242)
  2. Manufacturer — 8.4% (221)
  3. Financial — 6.5% (170)
  4. IT — 6.2% (162)
  5. Healthcare — 5.6% (148)

1.3. TOP 5 Ransomware

  • 2021.01 ~ 2021.12 —Statistics of victim companies
  1. Conti — 18.4% (484)
  2. LockBit — 18.3% (479)
  3. Pysa — 6.9% (182)
  4. Avaddon — 6.6% (172)
  5. REvil — 5.6% (147)

1.4. Monthly statistics

  • In 2021, Conti was the most active ransomware operator responsible for an average of 22.05% ransomware attacks each month.
  • On average, 219 ransomware victims occurred per month, the highest was in August with 373.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store