Privacy Ninja

Dozens of Ransomware Variants Used in 722 Attacks over 3 months

Dozens of Ransomware Variants Used in 722 Attacks over 3 months

The ransomware space was very active in the last quarter of 2021, with threat analysts observing 722 distinct attacks deploying 34 different variants.

This massive amount of activity creates problems for the defenders, making it harder to keep up with individual group tactics, indicators of compromise, and detection opportunities.

Compared to Q3 2021, the last quarter had 18% higher attack volume, while the comparison to Q2 2021 results in a difference of 22%, so there’s a trend of increasing attack numbers.

Also Read: Cost of GDPR Compliance for Singapore Companies

Actors and targets

The most prevalent ransomware groups in Q4 2021, according to a report by Intel 471, were LockBit 2.0 (29.7%), Conti (19%), PYSA (10.5%), and Hive (10.1%).

Attack volumes by ransomware strain
Attack volumes by ransomware strain (Intel 471)

Compared to the preceding quarter, only PYSA had a noticeable rise in activity, which was also noted in a report by the NCC Group that examined November 2021 data.

The most targeted region was North America, accounting for almost half of all attacks by the ransomware operations mentioned above. Europe followed with roughly 30%, leaving only 20% to the rest of the world.

Regions targeted by Conti in Q4 2021
Regions targeted by Conti in Q4 2021 (Intel 471)

The stats are rather balanced for targeted industries, and only the Consumer and Industrial products sector stands out, accounting for one out of four attacks. Manufacturing, professional services, and real estate also had substantial shares.

Also Read: 6 Simple Tips on Cyber Safety at Home

Targeted industry sectors
Targeted industry sectors (Intel 471)

Shifting focus

When looking at this from the perspective of trends, compared to Q3 2021 data, the manufacturing sector dropped while consumer and industrial products rose. In addition, life sciences and health care also had a significant rise.

This shift could be due to the seasonal interest for shopping during Christmas and Black Friday/Cyber Monday, which makes associated targets more lucrative.

Change in sector attack focus
Change in sector attack focus (Intel 471)

Healthcare also obtains a more critical role as we move towards the end of the year, possibly due to the winter in the northern hemisphere bringing higher viral transmission rates.

Ransomware groups aim to disrupt the operations of firms at the worst possible time, to increase the chances of having a quick resolution in their negotiation for the payment of the demanded ransom.

For example, the FBI recently warned that ransomware gangs commonly target companies during mergers and acquisitions to further apply pressure during negotiations.

However, in many cases, the targeted companies are purely opportunistic in nature, where ransomware gangs simply attack whoever they can gain access to rather than based on any vertical or season.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us