Ransomware tracker: the latest figures [January 2022]

* Note: this Ransomware Tracker is updated on the 10th day of each month to stay current *

Colonial Pipeline. JBS Foods. Kaseya. Companies and government agencies have been bombarded by ransomware attacks over the last year — some incidents making national headlines while others have been lost in a flood of mundane disruptions.

The ransomware threat can be a difficult one to keep track of, since victims often try to sweep attacks under the rug while perpetrators hide their identity to evade law enforcement. Over the last year, The Record and our parent company Recorded Future have updated this ransomware tracker using data collected from government agencies, news reports, hacking forums, and other sources. The trend is clear: despite bold efforts from governments around the world, ransomware isn’t going anywhere.

“We’ve really been in a ransomware Groundhog Year since 2019, with every year being the same as the last — albeit a little bit worse,” said Brett Callow, threat analyst at cybersecurity firm Emsisoft.

According to Allan Liska, a Recorded Future ransomware specialist who maintains the tracker data, things like the number of victims posted on extortion sites have continued to rise, as well as the number of attacks impacting industries such as media and manufacturing. But there’s some nuance in the data, he said.

“Ransomware attacks against municipalities were actually down compared to 2020. It is a small drop, but still the first dip we’ve seen since 2017,” according to Liska. “We also saw a fall off of ransomware attacks against healthcare providers and schools in the second half of 2021. The overall numbers were still up, but the slowdown is interesting to note.”

Another interesting trend is that certain ransomware extortion sites — where groups post small amounts of victim data, threatening to expose more details if a demand isn’t paid — racked up huge numbers of victims early in the year only to stall part-way through. Cybersecurity experts say that arrests and other law enforcement actions have created a chilling effect for some groups — or at least pressured them to reform under different names.

“2021 may have been the year in which governments finally decided that a stronger response to the ransomware problem was needed,” said Callow. “The attack on Colonial Pipeline — which resulted in gas shortages, panic buying, flight cancellations and a state of emergency being declared — seemed to be a turning point.”

Jacqueline Koven, head of cyber threat intelligence at Chainalysis, which helps track how criminals use cryptocurrency, said she expects many groups to continue to reshuffle in 2022.

“Nearly half of the most prolific ransomware strains of 2021 have been compromised or taken down by law enforcement. In 2022, I expect that vacuum will be filled by new entrants to the space, including rebranded offshoots of defunct variants,” she said. “Over the last year, we’ve been able to see that even when a variant is shuttered, the affiliates persist and will transition over to a newly formed or preexisting variant to continue ransomware operations.”

Graphs from this ongoing project can be shared and reproduced with proper attribution.

Adam Janofsky

Adam is the founding editor-in-chief of The Record by Recorded Future. He previously was the cybersecurity and privacy reporter for Protocol, and prior to that covered cybersecurity, AI, and other emerging technology for The Wall Street Journal.

Recent Posts

Biden administration launches initiative to protect U.S. water systems from cyberattacks

The Biden administration on Thursday will kick off an effort to protect the country’s water…

28 mins ago

DeepDotWeb co-admin sentenced to 8 years in prison

One of the two administrators of the DeepDotWeb portal was sentenced this week to 97…

4 hours ago

Ukrainian government calls out false flag operation in recent data wiping attack

The Ukrainian government said today that it found evidence meant to connect the data wiping…

16 hours ago

Meta’s free mode came with a cost, report says

Meta Connectivity (previously Facebook Connectivity) is facing scrutiny after reports emerged that their Free Basics…

19 hours ago

White House releases final zero-trust strategy for federal government

The White House on Wednesday issued finalized plans for its strategy to move the federal…

22 hours ago

German government warns of APT27 activity targeting local companies

The German government said on Tuesday that a Chinese cyberespionage group known as APT27 has…

23 hours ago