Ransomware attacks surged 2X in 2021, SonicWall reports

In the latest indicator of just how severe the ransomware problem became last year, new data released today by cybersecurity vendor SonicWall reveals that the total number of ransomware attacks more than doubled in 2021 – jumping 105% during the year compared to 2020.

It’s a stunning increase, considering how bad ransomware already was in 2020, and shows that ransomware has solidified its status even further as a “weapon of choice” for cyber criminals, said Bill Conner, president and CEO at SonicWall.

In case there was any doubt about it at this point, ransomware is “not going away anytime soon,” Conner said.

The data was released in the 2022 SonicWall Cyber Threat Report, and based on telemetry data from SonicWall’s customer base as well as from infrastructure such as honeypots operated by the company’s threat research team. SonicWall offers security products across network, email, endpoint, and secure access, and reports having more than 500,000 customers.

Due to the massive amount of data that SonicWall is able to capture, the company says that its findings can be viewed as representative of the ransomware issue on the whole. The findings are a “statistical proxy for what’s going on out there” in terms of overall ransomware attacks, said Dmitriy Ayrapetov, vice president of platform architecture at SonicWall.

Accelerated threat

The 105% spike in ransomware attacks in 2021 was also a significant acceleration from the rate of increase in the previous year, when ransomware attacks climbed 62%, year-over-year, according to SonicWall.

And compared to 2019, ransomware attacks were more than three times higher in 2021, marking a 231% increase in two years, the report says.

To put the 2021 ransomware surge further in perspective, the worst month for attacks in 2020 would’ve qualified as one of the better months in 2021, according to the report.

The bottom line is that ransomware is only growing in popularity with cyber criminals because it’s “where the money is,” Ayrapetov said. “If you’re going to monetize an attack, and want the highest risk-reward ratio, it’s going to be ransomware.”

And with the rise of ransomware-as-a-service, “the barrier to entry has become very, very low,” Ayrapetov said.

Majority of attacks target U.S.

The U.S. was once again the biggest ransomware target by far in 2021, with about 68% of attacks impacting the country, according to SonicWall. Other countries saw a higher growth rate in ransomware attacks, however — with attacks up 3,256% in Germany and 227% in the U.K. last year, compared to the 98% increase in the U.S.

In terms of ransomware strains, SonicWall found that Ryuk was once again No. 1. But at 30% of attacks, the strain made up a lower portion of ransomware attacks in 2021 than the previous year, when 36% of attacks involved Ryuk.

The same ransomware gang is believed to be behind both Ryuk and Conti, and the group is considered “one of the most ruthless” ransomware operations, Richard Hickman of Palo Alto Networks’ Unit 42 research group said last year. Conti’s ransomware attacks have included the crippling ransomware attack against Ireland’s health service in May 2021.

Last year’s spate of high-profile ransomware incidents also included the attacks against fuel pipeline operator Colonial Pipeline, meat processing firm JBS Foods, and IT management software firm Kaseya.

Increasingly, ransomware attacks are also including disclosure of stolen data to the public, according to a report from CrowdStrike released this week. Data leaks related to ransomware surged 82% in 2021 compared to the previous year, the report found.

Meanwhile, the average ransom demand grew 36% to $6.1 million last year, CrowdStrike reported.

Overall malware rebounding

Beyond ransomware, the SonicWall report also found increasing threats and several other areas:

• Overall malware — “which had been on a downward slide for years,” Conner said in the report — saw a major rebound in the second half of 2021, SonicWall reported. “The average monthly malware volume was roughly 80 million higher in the second half of 2021 than in the second half of 2020,” the company said
• Encrypted attacks — which involve the delivery of malware over encrypted HTTPS connections — surged 167% in 2021
• Cryptojacking attacks — which use a victim’s computing resources to mine for cryptocurrencies, such as Bitcoin — rose 19% in 2021
• IoT malware volume only increased 6% — compared to 66% growth in 2020 and 218% growth in 2019. “With no corresponding slowdown in the proliferation of connected devices, this suggests attack volumes may be leveling off,” SonicWall said in the report

Still, the fact that ransomware more than doubled in 2021 — “far surpassing the levels we found alarming in 2020” — stands out among the findings, Conner said in the report.

As VentureBeat has reported previously, ransomware attackers are probing known vulnerabilities for weaknesses and quickly capitalizing on them, launching attacks faster than vendor teams can patch them. Ransomware attackers are also making attacks more complex, costly, and challenging to identify and stop.

Ultimately, though, “while cybercriminals may have notched some battles this past year,” Conner said in the SonicWall report, “in the end they spurred us on.”