Global Threat Intelligence Report – The Ransomware Landscape

The year ransomware evolved

2020 saw a massive increase of 178% in ransom payouts. This increase was driven in part by a new “double extortion” tactic adopted by ransomware groups, where alongside encrypting victims’ files, they also exfiltrate their data and threaten to leak it online.

Cognyte’s cyber threat intelligence research group has conducted a comprehensive statistical analysis of ransomware attacks by 21 ransomware groups, who were involved in exfiltrating data from a total of 1,112 victims in 63 countries.

Our in-depth report covers new ransomware trends, most targeted countries and industries, origin and motives of ransomware groups, regional analysis, state-sponsored ransomware attacks and the top exploited vulnerabilities.

Key findings include:

• The top 6 groups – Maze, Conti, Egregor, DoppelPaymer, NetWalker and REvil – are responsible for 80% of the total victims
• The top 10 targeted countries constitute 87% of total victims, with the US by far the most targeted country, with 56% of total victims
• Almost all the top 10 targeted countries are Western countries
• Manufacturing was the most targeted industry, accounting for over 30% of total victims
• Ransomware groups increasingly use advanced attack methods which are typically connected to nation-state actors
• Nation-sponsored actors increasingly use ransomware in their own attacks

Download the full report to get detailed insights on ransomware groups and their activities in 2020