showed massive year-to-date spikes in the U.S. (185%), U.K. (144%)
- Ryuk, Cerber, SamSam top families of
the year, making up 64% of all ransomware volume
- Government, education, healthcare,
retail verticals increasingly targeted by ransomware
59% year-to-date globally, IoT malware continues growth since 2018
malware remains a key threat, up 23% year-to-date globally and up 22% in the
patented RTDMI™ finding more never-before-seen malware than ever, posting a 54%
year-to-date increase over the first half of 2020
SINGAPORE - Media OutReach - 16 August 2021 - In the first half of 2021, ransomware
attacks skyrocketed, eclipsing the entire volume for 2020 in only six months,
according to the mid-year
update to the 2021 SonicWall Cyber Threat Report
published today. In a new paradigm for cybercrime, SonicWall is analyzing how
threat actors are using any means possible to further their malicious intents.
With high-profile attacks against
established technology and infrastructure, ransomware is now more prevalent
than ever. Through the first half of 2021, SonicWall recorded global ransomware
volume of 304.7 million, surpassing 2020's full-year total (304.6 million) — a
151% year-to-date increase.
"In a year driven
by anxiety and uncertainty, cybercriminals have continued to accelerate attacks
against innocent people and vulnerable institutions," said SonicWall President
and CEO Bill Conner. "This latest data shows that sophisticated threat actors
are tirelessly adapting their tactics and embracing ransomware to reap
financial gain and sow discord. With remote working still widespread,
businesses continue to be highly exposed to risk, and criminals are acutely
aware of uncertainty across the cyber landscape. It's crucial that
organizations move toward a modern Boundless Cybersecurity approach to protect
against both known and unknown threats, particularly when everyone is more
remote, more mobile and less secure than ever."
Ransomware running rampant
record highs in both April and May, SonicWall recorded another new high of 78.4
million ransomware attacks in June 2021 alone. Ransomware volume showed massive
year-to-date spikes in the U.S. (185%) and the U.K. (144%). Accounting for 64%
of all recorded ransomware attacks, Ryuk, Cerber and SamSam were the top three
ransomware families in the first half of the year, as recorded by SonicWall
The top five
regions most impacted by ransomware in the first half of 2021 were the United
States, United Kingdom, Germany, South Africa and Brazil. Across the U.S., the
five hardest-hit states were Florida (111.1 million), New York (26.4 million),
Idaho (20.5 million), Louisiana (8.8 million) and Rhode Island (8.8 million).
rise of ransomware, cryptojacking and other unique forms of malware targeted at
monetization, along with their evolution of tactics, are evidence that
cybercriminal activity always follows the money and rapidly adapts to new
opportunities and changing environments," said
SonicWall Vice President of Platform Architecture Dmitriy Ayrapetov.
In line with spikes in global
data, SonicWall Capture Labs threat researchers also recorded alarming
ransomware spikes across key verticals, including government (917%), education
(615%), healthcare (594%) and retail (264%) organizations.
Patented RTDMI finding,
blocking more never-seen-before variants than ever
In the fight against known
and unknown threats, SonicWall's patented Real-Time Deep Memory InspectionTM
(RTDMI) identified record numbers of never-before-seen malware, posting a 54%
year-to-date increase over the first half of 2020.
RTDMI technology blocks more
advanced and unknown malware compared to traditional behavior-based sandboxing
methods, and with a lower false-positive rate. This can be seen in the latest ICSA Labs Advanced Threat Defense (ATD) Q2 test
results, where the SonicWall Capture
Advanced Threat Protection (ATP) service with RTDMI detected 100% of previously
unknown threats with zero false positives across 33 consecutive days of
In its most recent test
administered in the second quarter of 2021, ICSA conducted a total of 1,144
tests against Capture ATP, with a mixture of 544 new and little-known malicious
samples and 600 innocuous applications. Capture ATP correctly identified 100%
of malicious samples while allowing all clean samples through. It was the sixth
consecutive ICSA ATD certification for Capture ATP, and second 'perfect score'
in as many quarters.
is hard earned, particularly in today's fast-moving threat landscape,"
said SonicWall Vice President of Software Engineering & Threat Research
Alex Dubrovsky. "Consecutive perfect certifications is a testament to the
SonicWall team and our continued quest to arm organizations with intelligence and technology that help protect
them from the most dangerous cyber threats."
Malware continues to fall, non-standard
port attacks down
Last year, SonicWall recorded
a drop in global malware attacks, a trend that continued in the first half of
2021 with a 24% drop in malware volume worldwide. As threat actors become more
sophisticated — using ransomware, cryptojacking and other types of cyberattacks
to launch surgical strikes — the need for "spray-and-pray" malware attempts have
lessened, decreasing overall volume.
Malware attacks via
non-standard ports also fell in 2021 after hitting record highs in 2020. These
attacks, which aim to increase payloads by bypassing traditional firewall
technologies, represent 14% of all malware attempts in the first half of 2021,
down from 24% year to date.
Debasish Mukherjee, Vice President, Regional
Sales APAC adds "The pandemic drove the effectiveness and volume of
cyberattacks to historic highs. Remote workforces, a charged political climate,
record prices of cryptocurrency, and threat actors weaponizing cloud storage
and tools created new and numerous attack vectors on targets. Threats that were
once thought to be two or three years away are now a reality with
do-it-yourself, cloud-based tools creating an army of cybercriminals armed with
the same devastating force and impact of a nation-state or larger criminal
enterprise." He continues "It's imperative the IT industry stay ahead of these
mounting threats, strengthen relationships between private and government
sectors, and formulate more coordinated efforts to swiftly share threat
intelligence and act upon it."
Cryptojacking malware remains a concern
After having made an
unexpected revival in 2020, cryptojacking malware continued to climb through
the first half of 2021 as cryptocurrency prices remain high. From January to
June, SonicWall threat researchers recorded 51.1 million cryptojacking
attempts, representing a 23% increase over the same six-month period last year.
Europe was particularly ravaged, recording a 248% year-to-date rise in
cryptojacking malware. This increase highlights the volatile shifts of a market
cybercriminals have come to leverage due to their high desire for online
anonymity when it comes to lucrative payouts.
IoT vector continues to serve threats
Last year, employees packed
their belongings and went home in droves, introducing millions of new devices
to the network and millions of openings for cybercrime. This year, Internet of
Things (IoT) malware attacks have continued to increase, rising 59%
year-to-date globally, a trend stemming back to 2018.
While the U.S. saw a slightly smaller 15% year-to-date increase in IoT malware,
Europe and Asia also saw alarming rises of 113% and 190%, respectively, in IoT
SonicWall Capture Labs threat
researchers collect and analyze threat intelligence data from 1.1 million
sensors in over 215 countries and territories. This includes cross-vector,
threat-related information shared among SonicWall security systems, including
firewalls, email security devices, endpoint security solutions, honeypots,
content filtering systems and the SonicWall Capture Advanced Threat Protection
(ATP) multi-engine sandbox; SonicWall internal malware analysis automation
framework; malware and IP reputation data from tens of thousands of firewalls
and email security devices around the globe; and shared threat intelligence
from more than 50 industry collaboration groups and research organizations.
To download the full mid-year
update of the 2021 SonicWall Cyber Threat Report, please visit www.sonicwall.com/threatreport.