Record 304.7mn ransomware attacks eclipse 2020 global total in 6 months

In the first half of 2021, ransomware attacks skyrocketed, eclipsing the entire volume for 2020 in only six months. This is according to the published mid-year update to the 2021 SonicWall Cyber Threat Report.

In a new paradigm for cybercrime, SonicWall is analysing how threat actors are using any means possible to further their malicious intent.

With high-profile attacks against established technology and infrastructure, ransomware is now more prevalent than ever. Through the first half of 2021, SonicWall recorded global ransomware volume of 304.7 million, surpassing 2020’s full-year total (304.6 million), a 151% year-to-date increase.

“In a year driven by anxiety and uncertainty, cybercriminals have continued to accelerate attacks against innocent people and vulnerable institutions,” says SonicWall president and CEO, Bill Conner. “This latest data shows that sophisticated threat actors are tirelessly adapting their tactics and embracing ransomware to reap financial gain and sow discord.

“With remote working still widespread, businesses continue to be highly exposed to risk, and criminals are acutely aware of uncertainty across the cyber landscape. It’s crucial that organisations move toward a modern Boundless Cybersecurity approach to protect against both known and unknown threats, particularly when everyone is more remote, more mobile and less secure than ever.”

Ransomware running rampant

After posting record highs in both April and May, SonicWall recorded another new high of 78.4 million ransomware attacks in June 2021 alone. Ransomware volume showed massive year-to-date spikes in the U.S. (185%) and the U.K. (144%). 

Accounting for 64% of all recorded ransomware attacks, Ryuk, Cerber and SamSam were the top three ransomware families in the first half of the year, as recorded by SonicWall Capture Labs.

The top five regions most impacted by ransomware in the first half of 2021 were the United States, United Kingdom, Germany, South Africa and Brazil. Across the U.S., the five hardest-hit states were Florida (111.1 million), New York (26.4 million), Idaho (20.5 million), Louisiana (8.8 million) and Rhode Island (8.8 million).

“The continued rise of ransomware, cryptojacking and other forms of malware targeted at monetisation, along with their evolution of tactics, are evidence that cybercriminal activity always follows the money and rapidly adapts to new opportunities and changing environments,” says SonicWall vice president of platform architecture Dmitriy Ayrapetov.

In line with spikes in global data, SonicWall Capture Labs threat researchers also recorded alarming ransomware spikes across key verticals, including government (917%), education (615%), healthcare (594%) and retail (264%) organisations.

Patented RTDMI finding, blocking more never-seen-before variants than ever

In the fight against known and unknown threats, SonicWall’s patented Real-Time Deep Memory Inspection™ (RTDMI) identified record numbers of never-before-seen malware, posting a 54% year-to-date increase over the first half of 2020.

RTDMI technology blocks more advanced and unknown malware compared to traditional behavior-based sandboxing methods, and with a lower false-positive rate. This can be seen in the latest ICSA Labs Advanced Threat Defense (ATD) Q2 test results, where the SonicWall Capture Advanced Threat Protection (ATP) service with RTDMI detected 100% of previously unknown threats with zero false positives across 33 consecutive days of testing.

In its most recent test administered in the second quarter of 2021, ICSA conducted a total of 1,144 tests against Capture ATP, with a mixture of 544 new and little-known malicious samples and 600 innocuous applications. Capture ATP correctly identified 100% of malicious samples while allowing all clean samples through. It was the sixth consecutive ICSA ATD certification for Capture ATP, and second ‘perfect score’ in as many quarters.

“Third-party validation is hard earned, particularly in a fast-moving threat landscape,” says SonicWall vice president of software engineering & threat research Alex Dubrovsky. “Consecutive perfect certifications is a testament to the SonicWall team and our continued quest to arm organisations with intelligence and technology that help protect them from the most dangerous cyber threats.”

Malware continues to fall, non-standard port attacks down

Last year, SonicWall recorded a drop in global malware attacks, a trend that continued in the first half of 2021 with a 24% drop in malware volume worldwide. As threat actors become more sophisticated, using ransomware, cryptojacking and other types of cyberattacks to launch surgical strikes, the need for “spray-and-pray” malware attempts has lessened, decreasing overall volume.

Malware attacks via non-standard ports also fell in 2021 after hitting record highs in 2020. These attacks, which aim to increase payloads by bypassing traditional firewall technologies, represent 14% of all malware attempts in the first half of 2021, down from 24% year to date.

Cryptojacking malware remains a concern

After having made an unexpected revival in 2020, cryptojacking malware continued to climb through the first half of 2021 as cryptocurrency prices remain high. From January to June, SonicWall threat researchers recorded 51.1 million cryptojacking attempts, representing a 23% increase over the same six-month period last year.

Europe was particularly ravaged, recording a 248% year-to-date rise in cryptojacking malware. This increase highlights the volatile shifts of a market cybercriminals have come to leverage due to their high desire for online anonymity when it comes to lucrative payouts.

IoT vector continues to serve threats

Last year, employees packed their belongings and went home in droves, introducing millions of new devices to the network and millions of openings for cybercrime. This year, Internet of Things (IoT) malware attacks have continued to increase, rising 59% year-to-date globally, a trend stemming back to 2018.

While the U.S. saw a slightly smaller 15% year-to-date increase in IoT malware, Europe and Asia also saw alarming rises of 113% and 190%, respectively, in IoT malware volume.

SonicWall Capture Labs threat researchers collect and analyse threat intelligence data from 1.1 million sensors in over 215 countries and territories.

This includes cross-vector, threat-related information shared among SonicWall security systems, including firewalls, email security devices, endpoint security solutions, honeypots, content filtering systems and the SonicWall Capture Advanced Threat Protection (ATP) multi-engine sandbox; SonicWall internal malware analysis automation framework; malware and IP reputation data from tens of thousands of firewalls and email security devices around the globe; and shared threat intelligence from more than 50 industry collaboration groups and research organisations.

