Threat actors typically select their targets based on the organization's industry, region and size. This pattern has also been noticed in many of the modern Ransomware-as-a-Service (RaaS) programs that we monitor; here are the top trends we have observed recently: Industry
: Analysis of Data Leak Sites (DLS) reveals that the most targeted sectors – manufacturing, real estate and transportation – faced roughly 2/3 of all ransomware attacks last year. However, nearly every industry was impacted and experienced an increase in the number of attacks. Group-IB's cyber threat intelligence shows that the financial sector is increasingly being targeted by ransomware operators utilizing DLS, with the number of ransomware attacks growing +146% over 12 months. Region
: DLS analysis also shows that the most targeted country by ransomware in 2021 was the US, experiencing nearly half of all known attacks. However, every other region is experiencing fast growth in the number of attacks, particularly APAC and LATAM, which saw an increase in the number of attacks by 143% and 127%, respectively. Size
: Over their history ransomware gangs have targeted organizations of all sizes, but since 2018 large enterprises have been increasingly targeted. However, in 2021 activity by initial access brokers, which sell access to organizations' networks to ransomware gangs, grew 204%. These initial access brokers launch widespread attacks, often targeting any organization with vulnerable systems.
The full details of ransomware trends can be found in Group-IB's recently released report here