2021 was a busy year for cybersecurity professionals. A string of high-profile ransomware attacks disrupted supply chains and prompted a presidential executive order (EO 14028, May 2021) directing federal agencies to strengthen their cybersecurity defenses. Over the summer, several critical Windows vulnerabilities, including PrintNightmare (CVE-2021-34527, Print Spooler) and HiveNightmare (CVE-2021-36934, over-permissive ACLs on the SAM and SYSTEM hives), sent sysadmins scrambling to patch. The year ended with Log4Shell (CVE-2021-44228), one of the most widespread and severe vulnerabilities the cybersecurity community has had to deal with.
Let’s take a look back at some 2021 cybersecurity statistics and ransomware trends.
2021 Ransomware Statistics
Unsurprisingly, ransomware was a common occurrence in 2021. One of the major drivers of this prevalence was the growing ransomware-as-a-service market, an underground market in which ransomware developers outsource their operations to affiliates who then execute the attack. Ransomware affiliates don’t need to have as much technical expertise, which significantly lowers the barriers to entry.
- The average cost to remediate a ransomware attack doubled in one year – from $761,106 in 2020 to $1.85 million in 2021. (Sophos)
- The most targeted sector in 2021 was government. (SonicWall)
- The average ransom payment in Q1 2021 was $220,298, which was 43% higher than the previous quarter (Coveware)
- Approximately 37% of global organizations said they were the victim of some form of ransomware attack in 2021 (IDC’s 2021 Ransomware Study)
2021 Top Ransomware Attacks
Colonial Pipeline. On May 7, the DarkSide group deployed ransomware on Colonial Pipeline's corporate IT network. The initial access vector was a single compromised password for a legacy VPN account that was still enabled but no longer in use, and that did not require multi-factor authentication.
While the attack did not reach the operational technology systems that control the pipeline, it did compromise the company's billing system, and Colonial Pipeline halted pipeline operations as a precaution.
Within hours of the attack, Colonial Pipeline paid the demanded ransom of roughly $4.4 million in bitcoin, having notified the FBI. On June 7, the Department of Justice announced that it had seized 63.7 bitcoin of that payment, worth approximately $2.3 million at the time.
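The Colonial Pipeline initial access pattern, a successful VPN login from an account that has gone dormant or has no MFA, is exactly the kind of event a SIEM rule should surface. The following is an added example, not part of the original post and not Blumira's own detection code. It assumes a syslog-like VPN gateway log format, a small account inventory as an identity provider export might look, and a 90-day dormancy threshold; the log lines and inventory are constructed for the example.

```python
"""Flag successful VPN logins from dormant, unknown, or MFA-less accounts.

Added example. The log format, account inventory and the 90-day
dormancy threshold are assumptions, not any vendor's real schema.
"""
import re
from datetime import datetime, timedelta

DORMANT_DAYS = 90  # assumption: no login for this long = dormant account

# Constructed account inventory (what an IdP/HR export might provide).
ACCOUNTS = {
    "jdoe":    {"last_login": "2021-04-28", "mfa": True},
    "legacy1": {"last_login": "2020-11-02", "mfa": False},  # never offboarded
    "svc-bak": {"last_login": "2021-04-28", "mfa": False},
}

# Constructed VPN gateway log lines in an assumed format.
VPN_LOGS = """\
2021-04-29T08:12:01Z vpn01 AUTH_SUCCESS user=jdoe src=203.0.113.10
2021-04-29T23:41:17Z vpn01 AUTH_SUCCESS user=legacy1 src=198.51.100.7
2021-04-30T02:05:44Z vpn01 AUTH_FAILURE user=legacy1 src=198.51.100.7
2021-04-30T09:30:00Z vpn01 AUTH_SUCCESS user=ghost src=192.0.2.55
2021-04-30T10:15:22Z vpn01 AUTH_SUCCESS user=svc-bak src=203.0.113.44
2021-04-30T11:00:00Z vpn01 TUNNEL_UP user=jdoe
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>AUTH_\w+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_vpn_log(text):
    """Parse AUTH_* lines into dicts; return (events, number of skipped lines)."""
    events, skipped = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # non-auth or malformed line, ignored by this rule
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events, skipped


def find_risky_vpn_logins(events, accounts, dormant_days=DORMANT_DAYS):
    """Return an alert per successful login that matches any risk condition."""
    alerts = []
    for e in events:
        if e["event"] != "AUTH_SUCCESS":
            continue  # failed attempts are a separate (brute-force) rule
        acct = accounts.get(e["user"])
        reasons = []
        if acct is None:
            reasons.append("unknown account")
        else:
            last = datetime.strptime(acct["last_login"], "%Y-%m-%d")
            idle = e["ts"] - last
            if idle > timedelta(days=dormant_days):
                reasons.append(f"dormant {idle.days}d")
            if not acct["mfa"]:
                reasons.append("no MFA")
        if reasons:
            alerts.append({
                "user": e["user"],
                "src": e["src"],
                "ts": e["ts"].isoformat(),
                "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    evts, skipped = parse_vpn_log(VPN_LOGS)
    for a in find_risky_vpn_logins(evts, ACCOUNTS):
        print(a["ts"], a["user"], a["src"], "; ".join(a["reasons"]))
    print(f"{skipped} non-auth line(s) ignored")
```

Run against the constructed data, the rule fires on `legacy1` (dormant 178 days and no MFA, the Colonial pattern), on `ghost` (not in the inventory at all) and on `svc-bak` (no MFA), while the normal `jdoe` login and the failed attempt stay quiet. In production the inventory would come from the identity provider and the dormancy window from the organization's offboarding policy; the real fix is disabling unused accounts and enforcing MFA on the VPN, with the detection as a backstop.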
Ireland's Health Service Executive (HSE). The HSE, which provides Ireland's public healthcare and social services, was hit by Conti ransomware in May. The attack disrupted many health services, including blood test processing and diagnostic imaging.
The HSE refused to pay the $20 million bitcoin ransom demand. The Conti group later handed over a decryption key for free, but having a decryptor was not the same as being recovered: the HSE still faced months of significant disruption while it rebuilt and restored roughly 2,000 affected IT systems.
Kaseya. Kaseya, an IT management software vendor serving MSPs and enterprises, was hit by REvil ransomware over the July 4th holiday weekend. Although only about 0.1% of Kaseya's direct customers were breached, an estimated 800 to 1,500 small and mid-sized businesses were affected downstream through their MSPs.
The attackers exploited a chain of vulnerabilities in Kaseya's on-premises VSA server (tracked as CVE-2021-30116), which organizations typically expose from their DMZ so that managed endpoints can reach it. Once in control of a VSA server, REvil used its Remote Monitoring and Management (RMM) capability against the MSP's own customers, pushing a fake "VSA Agent Hot-fix" to every connected agent that executed the ransomware payload.
Blumira By The Numbers in 2021
Ransomware groups were busy in 2021, but so were we. In 2021, Blumira…
- Analyzed over 400 petabytes of data, equal to watching 6,523 years of 4K streaming video
- Ingested over 5 petabytes of data, which is equal to storing the DNA of 7 million humans
- Stored over 12 petabytes, the equivalent of 94,000 128GB flash drives!
- Ran over 340 million tasks looking for threats
- Experienced zero platform outages in 2021 and charged zero dollars for data ingestion
Cyberattacks are constantly evolving, and Blumira’s team works hard on your behalf, performing threat hunting to help you stay protected against attacks. Our incident detection engineers constantly develop detection rules based on known attacker techniques and automatically deploy them in Blumira’s cloud SIEM platform.
Many traditional SIEM vendors charge their customers based on data volume, but Blumira offers a simple pricing model to eliminate those cost concerns. Customers can ingest unlimited data and logs at no extra cost.
To get started, try Blumira for free.