Ransomware attempt volume sets record, reaches more than 300 million for first half of 2021: SonicWall

The US, UK, Germany, South Africa and Brazil topped the list of countries most impacted by ransomware attempts while states like Florida and New York struggled as well.
Written by Jonathan Greig, Contributor

A new report from SonicWall found that attempted ransomware attacks skyrocketed in the first half of 2021, with 304.7 million attempted attacks seen by the company. SonicWall researchers saw a record number of attempted attacks in both April and May but both months were beat by June, which had a record 78.4 million attempted ransomware attacks.

The total figure of ransomware attacks seen by SonicWall in the first half of 2021 smashed the 2020 total of 304.6 million. The fact that the first six months of 2021 have already surpassed all of 2020 alarmed SonicWall researchers, who added that it represented a 151% year-on-year increase.

"Even if we don't record a single ransomware attempt in the entire second half (which is irrationally optimistic), 2021 will already go down as the worst year for ransomware SonicWall has ever recorded," the report said. 


According to the 2021 SonicWall Cyber Threat Report, ransomware volume seen by the company hit massive year-to-date spikes in the US at 185% and the UK at 144%. The US, UK, Germany, South Africa and Brazil topped the list of countries most impacted by ransomware in the first half of 2021. 

Within the US, the hardest hit states from a ransomware perspective were Florida, which saw 111.1 million ransomware attempts. New York had 26.4 million, while Idaho saw 20.5 million, and Rhode Island as well as Louisiana dealt with nearly 9 million.

The report was compiled based on information gathered by the SonicWall Capture Threat Network, which "monitors and collects information from global devices" including more than 1.1 million security sensors in 215 countries and territories. The report also features cross-vector, threat related information shared among SonicWall security systems, including firewalls, email security devices, endpoint security solutions, honeypots, content filtering systems and the SonicWall Capture Advanced Threat Protection multi-engine sandbox. 

The network collects malware and IP reputation data from tens of thousands of firewalls and email security devices around the globe. The report also gleans insights through shared threat intelligence from more than 50 industry collaboration groups and research organizations.

The report notes that the ransomware problem continues to worsen, and the data proved that Q2 was far worse than Q1 for 2021. Q2 was the worst quarter ever recorded by the company, with a ransomware volume of 188.9 million, far surpassing the Q1 figure of 115.8 million. 

Ransomware attacks are also increasingly spreading worldwide. Europe suffered a 234% increase in ransomware volume while North America saw increases of 180%. Asia saw its high point in March.

But the US still leads the way globally, nearly matching the ransomware volume of the next nine countries on the top 10 list for most attacked countries. 


For 2021, the most commonly attacked industry is the government, seeing three times as many attacks as last year. Government targets face more attacks than almost every other industry each month. By June, government customers saw 10 times as many ransomware attempts and an overall spike of 917%

Customers in the education field also saw a significant number of ransomware attempts, with an increase of 615%. SonicWall Capture Labs threat researchers found alarming ransomware spikes across healthcare (594%) and retail (264%) organizations as well.

The Ryuk, Cerber and SamSam ransomware groups accounted for 64% of all attempted ransomware attacks, according to data from SonicWall's Capture Labs. Ryuk alone accounted for 93.9 million attempts, tripling the number of Ryuk attempts seen in the first six months of 2020.

Cerber ended 2020 as the number two most seen ransomware family, according to SonicWall, and continued this trend with 52.5 million attempted attacks for the first six months of 2021, ramping up efforts in April and May. 

SamSam was able to double its volume from 2020 in the first half of 2021 with 49.7 million attempted attacks. In June alone, the group launched 15.7 million attacks. 

SonicWall CEO Bill Conner said the latest data shows that sophisticated threat actors are adapting their tactics and embracing ransomware to reap financial gain and sow discord. 

"With remote working still widespread, businesses continue to be highly exposed to risk, and criminals are acutely aware of uncertainty across the cyber landscape," Conner said. 


The report also tracks malware, finding that compared to 2020, the instances seen by SonicWall have been decreasing since its peak of 10.5 billion instances in 2018. 

Malware reached a six year low in 2020 with 5.6 billion malware attempts and 2021 saw 2.5 billion malware attempts in the first six months of this year.

"But as it will become apparent by reading the rest of this report, less malware isn't the same as less cybercrime. Instead, it's a sign that the traditional malware associated with spray-and-pray attacks of yesterday is being abandoned…usually in favor of more specialized, more sophisticated and more targeted attacks, capable of making criminals much more money and leaving much more devastation in their path," the report said. 

Both North America and Europe saw dips in malware volume but Asian countries saw a 23% increase. 

Malware skyrocketed in India and Germany in the first part of the year, with India seeing 147.2 million malware attempts, an increase of 83% year over year, and Germany seeing 150.4 million malware attempts. Germany's figures represented a staggering 465% increase.

SonicWall researchers note that some countries outside of the top 10 list were still suffering from malware. SonicWall said an organization in Vietnam had a 36.4% chance of seeing a malware attempt, higher than any other country. 

The company's Real-Time Deep Memory InspectionTM also discovered 185,945 "never-before-seen" malware variants, up 54% from the first half of 2020.

The report did include some good news. The volume of malicious PDF files and Office files dropped for the first time since 2018. 

Malware targeting IoT skyrocketed in 2021 with more than 32 million attacks, and in the US attempts on IoT increased by 15%. 

"While the nine vulnerabilities, collectively known as 'Name:Wreck,' all have patches available as of the time of this writing, many IoT devices lack the ability to be easily patched (or patched at all), meaning we may see attacks arising from these vulnerabilities for years into the future," the report noted.


Cryptojacking attempts also grew a staggering amount in the first half of 2021. Of the 51.1 million cyrptojacking attempts in 2021, the number of attacks rose 118% in Asia and 248% in Europe.

"The continued rise of ransomware, cryptojacking and other unique forms of malware targeted at monetization, along with their evolution of tactics, are evidence that cybercriminal activity always follows the money and rapidly adapts to new opportunities and changing environments," said SonicWall Vice President of Platform Architecture Dmitriy Ayrapetov.

Editorial standards