These four types of ransomware make up nearly three-quarters of reported incidents

Any ransomware is a cybersecurity issue, but some strains are having more of an impact than others.
Written by Danny Palmer, Senior Writer

Ransomware causes problems no matter what brand it is, but some forms are noticeably more prolific than others, with four strains of the malware accounting for a combined total of almost 70% of all attacks. 

According to analysis by cybersecurity company Intel 471, the most prevalent ransomware threat towards the end of 2021 was LockBit 2.0, which accounted for 29.7% of all reported incidents. Recent victims of LockBit have included Accenture and the French Ministry of Justice.  

Almost one in five reported incidents involved Conti ransomware, famous for several incidents over the past year, including an attack against the Irish Healthcare ExecutiveThe group recently had chat logs leaked, providing insights into how a ransomware gang works. PYSA and Hive account for one in 10 reported ransomware attacks each. 

SEE: Cybersecurity: Let's get tactical (ZDNet special report)  

"The most prevalent ransomware strain in the fourth quarter of 2021 was LockBit 2.0, which was responsible for 29.7% of all reported incidents, followed by Conti at 19%, PYSA at 10.5% and Hive at 10.1%," said the researchers.

Cybersecurity researchers at Intel 471 examined 722 ransomware attacks that took place between October and December 2021 and identified the most impacted sectors. 

Top of the list was consumer and industrial products, which accounted for almost a quarter of the organisations affected by ransomware attacks, up significantly compared to the previous quarter. 

Consumer and industrial products are a tempting target for ransomware criminals because they are services that people rely on as part of their everyday lives. If the network of the provider is encrypted, users can't access the services they need.  

One of the most high-profile instances of this issue occurred in 2020 when wearables, fitness tracker and smartwatch manufacturer Garmin was impacted by a ransomware attack, locking users out of services. It was reported that Garmin paid a multi-million-dollar ransom for a decryption key to help restore services. 

Manufacturing was the second-most impacted sector, accounting for 15.9% of ransomware attacks. Many manufacturing businesses work around the clock, often producing vital goods that people need every day.  

Professional services and consulting was the third-most targeted sector by ransomware, accounting for 15.4% of incidents, followed by real estate with 11.4%. 

Life sciences and health care was the fifth-most targeted sector, following a rise in attacks against it. This includes ransomware attacks against hospitals. Hospitals make a tempting target because the nature of healthcare means that if networks are offline, patients can't be treated, so some hospitals pay ransoms.

SEE: This sneaky type of phishing is growing fast because hackers are seeing big paydays

Ransomware is still a major cybersecurity issue and attacks continue to be successful because many victims choose to pay the ransom, despite being warned not to because that approach encourages more attacks

But there are actions that businesses can take to help avoid falling victim to a ransomware attack. This includes applying security patches as soon after release as possible, so hackers can't exploit known vulnerabilities. Applying multi-factor authentication across the network is also recommended, so it's harder for hackers to break into accounts and exploit them to lay the groundwork for ransomware or other malware attacks.  

Organisations should also regularly update and test offline backups, so in the event of a successful ransomware attack, there's a possibility of restoring the network without paying the ransom. 


Editorial standards