Ransomware: The Dominant Cyberattack Type for Q4 2021

Intel 471’s recent report lists ransomware attacks as the most prevalent kind of security breach, with 722 such strikes observed in the fourth quarter of 2021. The most common malware used to execute them were PYSA, LockBit 2.0, Conti, Grief, and Hive.

This is a respective increase of 129 and 110 attacks compared to Q2 and Q3 of 2021. Between October and December, researchers discovered 34 ransomware variants.

“The most prevalent ransomware strain in the fourth quarter of 2021 was LockBit 2.0, which was responsible for 29.7% of all reported incidents, followed by Conti at 19%, PYSA at 10.5%, and Hive at 10.1%,” Intel 471’s report disclosed.

The following sectors were affected, in descending order:

• Consumer and industrial products
• Manufacturing
• Professional services, consulting
• Real estate, life sciences, health care
• Technology, media, and telecommunications
• Energy, resources
• Agriculture, public sector, financial services, nonprofit

As we can see, the attacks impacted the consumer and industrial products sectors the most, increasing by 22.2% from Q3 2021.

US businesses were most affected by LockBit 2.0 attacks, primarily due to inadequate cybersecurity and ransomware protection. The US was also the main target for Conti, PYSA, and Hive. In other parts of the world, the most often attacked countries were Italy, Germany, France, and Canada.

Hive was particularly prominent in 2021, breaching more than 300 organizations in four months, and garnering millions in profit for the malicious parties. Researchers also discovered a new type of ransomware - Nokoyawa. It’s similar to Hive in many ways, and was mostly used to target Argentina.

“Both Nokoyawa and Hive include the use of Cobalt Strike as part of the arrival phase of the attack, as well as the use of legitimate, but commonly abused, tools such as the anti-rootkit scanners GMER and PC Hunter for defense evasion,” researchers from Trend Micro stated.