Threat analysts saw 722 different ransomware strikes utilizing 34 different variations in Q4 of 2021, indicating that the ransomware landscape was quite active.

This flurry of activity makes it difficult for defenses to keep track of individual group strategies, signs of vulnerability, and detection options.

The last quarter saw an 18% increase in attack volume compared to Q3 2021 and a difference of 22% compared to Q2 2021, indicating a trajectory of growing attack frequency.

Behind the attacks

According to a survey by Intel 471, the most common ransomware groups in Q4 2021 were LockBit 2.0 (29.7%), Conti (19%), PYSA (10.5%), and Hive (10.1%).

Only PYSA saw a significant increase in activity compared to the previous quarter, which was also noticed in research by the NCC Group that looked at November 2021 statistics.

North America was the top targeted area, accounting for nearly half of all attacks by the ransomware operations described above. Europe came in second with around 30%, leaving the rest of the globe with approximately 20%.

Distributed stats and growth-induced changes

The statistics for targeted industries are well distributed, with only the Consumer and Industrial Products sector standing out, accounting for one out of every four assaults. Manufacturing, professional services, and real estate accounted for a significant portion of the total.

When comparing Q3 2021 data to Q3 2021 data, the manufacturing sector has diminished while consumer and industrial products have climbed. In addition, the fields of biological sciences and health care have seen tremendous growth.

This shift might be related to the increased profitability of connected goals due to the seasonal interest in purchasing over Christmas and Black Friday/Cyber Monday.

TIP: Also read our analysis of how dangerous ransomware is, and what you can do as an organization to handle it.