Dozens of ransomware variants used in 722 attacks over 3 months


The ransomware place was pretty energetic in the previous quarter of 2021, with threat analysts observing 722 unique assaults deploying 34 distinctive variants.

This substantial amount of money of action results in troubles for the defenders, earning it tougher to maintain up with particular person team strategies, indicators of compromise, and detection possibilities.

In comparison to Q3 2021, the very last quarter had 18% bigger attack volume, when the comparison to Q2 2021 effects in a difference of 22%, so there’s a pattern of escalating assault quantities.

Actors and targets

The most widespread ransomware teams in Q4 2021, according to a report by Intel 471, were being LockBit 2. (29.7%), Conti (19%), PYSA (10.5%), and Hive (10.1%).

Attack volumes by ransomware strain
Assault volumes by ransomware pressure (Intel 471)

In comparison to the previous quarter, only PYSA experienced a recognizable rise in activity, which was also observed in a report by the NCC Team that examined November 2021 information.

The most targeted location was North The united states, accounting for just about 50 percent of all assaults by the ransomware functions described earlier mentioned. Europe followed with about 30%, leaving only 20% to the rest of the entire world.

Regions targeted by Conti in Q4 2021
Regions specific by Conti in Q4 2021 (Intel 471)

The stats are rather balanced for focused industries, and only the Buyer and Industrial solutions sector stands out, accounting for a single out of 4 attacks. Producing, expert expert services, and genuine estate also had significant shares.

Targeted industry sectors
Focused market sectors (Intel 471)

Shifting concentrate

When looking at this from the viewpoint of traits, compared to Q3 2021 knowledge, the manufacturing sector dropped even though purchaser and industrial products rose. In addition, daily life sciences and well being care also experienced a important increase.

This shift could be owing to the seasonal fascination for procuring throughout Xmas and Black Friday/Cyber Monday, which can make linked targets far more profitable.

Change in sector attack focus
Change in sector attack aim (Intel 471)

Healthcare also obtains a much more essential part as we transfer in direction of the finish of the year, possibly because of to the winter in the northern hemisphere bringing increased viral transmission costs.

Ransomware teams goal to disrupt the functions of corporations at the worst attainable time, to increase the prospects of obtaining a rapid resolution in their negotiation for the payment of the demanded ransom.

For case in point, the FBI recently warned that ransomware gangs commonly target organizations all through mergers and acquisitions to more utilize pressure all through negotiations.

On the other hand, in a lot of scenarios, the qualified corporations are purely opportunistic in mother nature, the place ransomware gangs only assault whoever they can obtain obtain to rather than based mostly on any vertical or year.