International. Ransomware is malicious software that restricts access to the victim's files or devices until the ransom is paid. Last year, this type of attack was one of cybercriminals' favorite methods of attacking organizations.
According to data presented by the Atlas VPN team, the government sector was the most affected by ransomware attacks in 2020, followed by Banking. In total, 50% of last year's ransomware attacks targeted these industries among the 10 most attacked sectors.
Government organizations received the lion's share of ransomware attacks last year: 31,906, while the banking sector suffered 22,082 attacks. The data is based on Trend Micro's annual cybersecurity report.
Another industry that was hit hard by ransomware last year is manufacturing. It experienced 17,071 ransomware attacks, which accounted for 16% of last year's ransomware threats targeting major industries.
Next up is the health sector. It suffered 15,701 attacks, accounting for nearly 15% of ransomware attacks targeting businesses in major sectors in 2020.
Finally, among the top five industries most affected by ransomware last year is the financial sector. It suffered 4,917 or nearly 5% of last year's ransomware attacks.
Cybercriminals reportedly went after the most vulnerable sectors, such as government and healthcare, which are not only known to use outdated operating systems, but were instrumental in dealing with the global pandemic. The banking, financial and manufacturing sectors were also frequently targeted as they are very lucrative targets for ransomware operators.
Other industries heavily affected by ransomware in 2020 include education (4,578), technology (4,216), food and beverage (3,702), oil and gas (2,281), as well as insurance (2,002).
WannaCry ransomware was a favorite of cybercriminals
Like most cyber threats, ransomware comes in many different types. However, some ransomware families were more popular last year than others.
Of all the types of ransomware, WannaCry, also known as WCry, WannaCrypt, WanaCrypt0r, WRrypt, was the most favored by cybercriminals. This cyber threat was responsible for 220,166 or nearly 87% of all attacks by major ransomware families last year.
When infecting the system, WCry encrypts the files and renames them, adding the extension .wcry or . WNCRY. After successful encryption, WCry displays a pop-up window with a demand to pay a ransom in Bitcoin. It is a global ransomware family that was first discovered in 2017.
Locky ransomware also continued to affect organizations last year. 15,816 cases of Locky were detected in 2020.
Discovered in 2016, Locky is a type of ransomware that targets Windows operating systems. Most of the time it is sent by email, with a Microsoft Word document attached that contains malicious code.
Continuing, another prominent ransomware family last year was Cerber. In 2020, cybercriminals launched 5,448 attacks using Cerber ransomware.
Cerber ransomware infects victims' computers through phishing emails, malicious websites, and malware-infected ads. Unlike other ransomware families, Cerber is offered as ransomware-as-a-service (RaaS). It means criminals can become Cerber affiliates and receive part of a ransom for distributing it among victims' computers.
Cerber is followed by Ryuk. This ransomware family was detected in 3,376 ransomware attacks last year.
Ryuk is a sophisticated malware that can encrypt drives and network resources, as well as delete snapshots at the endpoint, making it impossible to recover data lost in an attack without an external backup. The ransomware is attributed to a Russian hacker group, WIZARD SPIDER, and was first detected in 2018. Ryuk attackers primarily target large organizations and are known to demand high ransom payments that must be made in Bitcoin cryptocurrencies.
Other ransomware families that made it to the top 10 include GandCrab (2,326), Sodinokibi (2,275), Crysis (1,744), Crypwall (1,019), Egregor (827), and DoppelPaymer (526). The latter two are relatively new, yet they still left a prominent mark last year.
Source: Atlas VPN.
