The ransomware space was very active in the last quarter of 2021, with threat analysts observing 722 distinct attacks using 34 different variants.
This high level of activity created problems for those working in cybersecurity, making it harder to keep up with individual group tactics, indicators of compromise, and detection opportunities.
Compared to Q3 2021, the last quarter had an 18% higher attack volume, while the difference compared to Q2 2021 was 22%.
The most prominent ransomware groups in Q4 2021, according to a report by Intel 471, were LockBit 2.0 (29.7%), Conti (19%), PYSA (10.5%), and Hive (10.1%).
Compared to the previous quarter, only PYSA had a noticeable rise in activity. This was also noted in a report by the NCC Group in December that examined November data.
The most targeted region was North America, which accounted for around half of all attacks by the ransomware operations. Europe followed with approximately 30%, leaving only 20% for the rest of the world.
The statistics were quite balanced for targeted industries. Only the consumer and industrial products sector stood out, accounting for one out of four attacks. Manufacturing, professional services, and real estate also had substantial shares.
Compared to Q3 2021 data, the manufacturing sector dropped while consumer and industrial products rose. Life sciences and health care also experienced a significant rise.
This shift could be due to the seasonal interest in shopping during Christmas and Black Friday/Cyber Monday, which made these targets more lucrative.
Attacks on the healthcare sector also increased towards the end of 2021, possibly due to the winter in the northern hemisphere resulting in higher viral transmission rates.
Ransomware groups look to disrupt the operations of firms at the worst possible time to increase the chances of a quick resolution in the negotiation over the demanded ransom.