Government most hit by ransomware attacks in 2020 followed by Banking

Ruth C. | April 13, 2021

Ransomware is malicious software that restricts access to a victim's files or devices until the ransom is paid. Last year, this type of attack was one of the cybercriminals' favorite methods for targeting organizations.

According to the data presented by the Atlas VPN team, the government sector was the most affected by ransomware attacks in 2020, followed by Banking. In total, 50% of last year's ransomware attacks were directed at these industries among the top 10 most-targeted sectors.

Government organizations took the biggest share of ransomware attacks last year — 31,906, while the banking sector suffered 22,082 attacks. The data is based on the Trend Micro Annual Cybersecurity report. 

Another industry that was hit hard by ransomware last year is manufacturing.  It experienced 17,071 ransomware attacks, which made up 16% of last year's ransomware threats aimed at top industries.

Next up is the healthcare sector. It suffered 15,701 attacks, which accounted for nearly 15% of ransomware attacks targeting businesses in top sectors in 2020.

Finally, rounding out the top five industries most targeted by ransomware last year is the finance sector. It underwent 4,917 or almost 5% of last year's ransomware attacks.

It seems, cybercriminals went after the most vulnerable sectors, such as government and healthcare, which are not only known for using outdated operating systems but were critical in dealing with the global pandemic. Banking, finance, and manufacturing sectors also were frequently assaulted as they are highly lucrative targets for ransomware operators.

Other industries highly affected by ransomware in 2020 include education (4,578), technology (4,216), food and beverage (3,702), oil and gas (2,281), as well as insurance (2,002).

WannaCry ransomware was favored by cybercriminals

Like most cyber threats out there, ransomware comes in many different types. However, some ransomware families were more popular last year than the others.

Out of all the ransomware types, WannaCry, also referred to as WCry, WannaCrypt, WanaCrypt0r, WRrypt, was most favored by cybercriminals. This cyber threat was responsible for 220,166 or nearly 87% of all last year's top ransomware families' attacks. 

When infecting the system, WCry encrypts files and renames them, adding the .wcry or .WNCRY extension. Following successful encryption, WCry displays a pop-up window with a demand to pay a ransom in Bitcoin. It is a global ransomware family first discovered in 2017.

Locky ransomware also continued to plague organizations last year. There were 15,816 Locky cases detected in 2020. 

Discovered in 2016, Locky is a type of ransomware that targets Windows operating systems. It is most often delivered via email, with an attached Microsoft Word document that contains a malicious code.

Moving on, another prominent ransomware family last year was Cerber. In 2020, cybercriminals launched 5,448 attacks using Cerber ransomware.

Cerber ransomware infects victims' computers via phishing emails, malicious websites, and malware-infected ads. Unlike other ransomware families, Cerber is being offered as ransomware-as-a-service (RaaS). It means that criminals can become Cerber affiliates and get paid part of a ransom for spreading it across victims' computers.

Cerber is followed by Ryuk. This ransomware family was detected in 3,376 last year's ransomware attacks.

Ryuk is a sophisticated malware that can encrypt network drives and resources, as well as delete shadow copies on the endpoint, making it impossible to recover data lost in attack without an external backup. The ransomware is attributed to a Russian hacker group, WIZARD SPIDER, and was first spotted in 2018. Ryuk attackers primarily target large organizations and are known to demand high ransom payouts that have to be made in Bitcoin cryptocurrency.

Other ransomware families that made it to the top 10 include GandCrab (2,326), Sodinokibi (2,275), Crysis (1,744), Crypwall (1,019), Egregor (827), and DoppelPaymer (526). The latter two are relatively new, however, they still left a prominent mark last year. 

If you would like to read more about ransomware trends in 2020, visit our previous articles:

Ransomware accounts for 81% of all financially motivated cyberattacks in 2020

Average ransom payout jumped 178% in a year

56% of organizations suffered a ransomware attack in the last 12 months

Global ransomware attacks surged by 110% at 34 million Year-on-Year

Alex T.

Ruth C.

Cybersecurity Researcher and Publisher at Atlas VPN. Interested in cybercrime, online security, and privacy-related topics.

Tags:

Ransomware