The second quarter of the year saw the highest volumes of ransomware attacks ever, with Ryuk leading the way.
Ransomware has seen a significant uptick so far in 2021, with global attack volume increasing by 151 percent for the first six months of the year as compared with the year-ago half. Meanwhile, the FBI has warned that there are now 100 different strains circulating around the world.
From a hard-number perspective, the ransomware scourge hit a staggering 304.7 million attempted attacks within SonicWall Capture Labs’ telemetry. To put that in perspective, the firm logged 304.6 million ransomware attempts for the entirety of 2020.
The top three ransomware strains seen in the wild by the firm are Ryuk, Cerber and SamSam, according to a recent mid-year report from SonicWall.
Top Ransomware Variants
In terms of the three most common types of ransomware, SonicWall researchers recorded 93.9 million instances of Ryuk in the first half, catapulting it to the No. 1 position – a number that’s triple the number of Ryuk attempts seen in the first six months of 2020.
Meanwhile, researchers also saw Cerber used in 52.5 million recorded hits in the first half of 2021. Researchers said that Cerber is definitely on the rise; the number of attacks nearly quadrupled in April, and by May it had risen to nearly five times the levels seen in January.
And finally, there were 49.7 million recorded instances of SamSam in SonicWall’s numbers for the first half — more than double the volume seen during the entire year of 2020. June alone saw 15.7 million hits, researchers said, which is more than two-thirds of the 23.5 million SamSam hits seen for all of last year.
Record-Setting Cyberattack Volumes
The level of attacks appears to be increasing, according to SonicWall. Ransomware volume jumped from 115.8 million attacks in Q1 to 188.9 million attacks in Q2.
“Even if we don’t record a single ransomware attempt in the entire second half (which is irrationally optimistic), 2021 will already go down as the worst year for ransomware SonicWall has ever recorded,” according to the report.
To boot, every month during the second quarter also set a new record.
“After rising to a new high in April, ransomware rose again in May, then saw another increase in June,” researchers said. “During that month, SonicWall recorded 78.4 million ransomware attempts — more than the entire second quarter of 2020, and nearly half the total number of attacks for the year in 2019.”
Ransomware: A Global Problem
The report found that ransomware isn’t just growing — it’s a worldwide problem.
Europe felt the brunt of the spikes in volume, with a 234 percent spike in ransomware attacks in the first half, according to SonicWall. North America wasn’t too far behind, with ransomware volume jumping 180 percent in the region.
The news is better for Asia, where ransomware hits were up just 59 percent year-to-date. However, after hitting a high point in March, attack volume began dropping, researchers said. By June, there were only about a fifth as many attacks as there had been three months prior.
While Europe as a region saw the most pain, the U.S. recorded far and away the most ransomware attacks, the analysis found, with attack volume in the U.S. rising 185 percent from the first half last year.
“In fact, of the top 10 countries for ransomware volume, the U.S. had nearly as much ransomware as the other nine put together…times four,” according to the report.
Ransomware volume in the second-ranking country, the U.K., rose 144 percent.
Government Most-Targeted Sector
By an overwhelming margin, the most commonly targeted industry in 2021 has been government. By June, government customers were seeing about 10 times more ransomware attempts than the average, according to researchers. However, the devil is in the details when it comes to interpreting this stat.
“Government customers are still seeing a higher-than-average number of ransomware attempts, but in three out of six months during the first half of 2021, education customers saw even more,” noted the report.
Worried about where the next attack is coming from? We’ve got your back. REGISTER NOW for our upcoming live webinar, How to Think Like a Threat Actor, in partnership with Uptycs. Find out precisely where attackers are targeting you and how to get there first. Join host Becky Bracken and Uptycs researchers Amit Malik and Ashwin Vamshi on Aug. 17 at 11AM EST for this LIVE discussion.