While ransomware needs no introduction as a cybersecurity threat, 2021 demonstrated that cybercriminals could disrupt anyone from individuals, the private sector, and even governments.

In 2021, cyberattacks hitting individuals, corporations and supply chains are on the rise. Ransomware attacks affected the ability of millions from accessing health care, fuel, and even the purchase of groceries.

We explore the ransomware trends for 2021 and their implications as we move into 2022. Is your business protected enough?

Ransomware Trends For 2021

Here is a brief look at notable ransomware attacks carried out during 2021. We then dive into several other areas key areas such as the largest attacks of 2021, highest payout, and most common phishing attacks to be aware of.

January 2021

Apex Laboratory, New York. The company disclosed the attack that actually happened in 2020 because stolen data turned up online. They were victims of a cyberattack that rendered specific systems encrypted and inaccessible (source).

February 2021

Brazilian state-owned energy company, Companhia Paranaense de Energia (Copel). The Darkside ransomware gang orchestrated the attack, stealing more than 1000 GB of sensitive data. The company was one of two utility companies faced with a ransomware attack the same week. (source)

March 2021

Business payroll services company Prism HR has over 80,000 customers and 2 million employees, was attacked by Darkside. PrismHR suffered suspicious activity, which shut down their network and servers to protect system integrity. (source)

April 2021

French electronics manufacturing services company, Asteelflash also suffered. The REvil gang had initially demanded a $12 million ransom. When the deadline passed, the amount rose to $24 million (source).

May 2021

Cloud hosting provider Swiss Cloud reported a ransomware attack and worked in 24-hour shifts and weekends to restore service (source).

June 2021

Fujifilm partially shut down its Tokyo headquarters in response to a ransomware attack. REvil and Qbot were likely behind it (source).

July 2021

US software company Kaseya. The REvil gang caused a global supply chain attack. Multiple managed service providers (MSPs) and 1500 end customers were impacted. REvil demanded USD 70 million as a ransom (source).

August 2021

Italy’s Lazio region. The Italian vaccination registration system was knocked offline by the RansomEXX gang. The attack rendered every file in the system inaccessible. Affected residents were unable to book Covid-19 vaccinations (source).

September 2021

Beaumont Health in Michigan was impacted by a cyberattack, and 1500 patients were informed that their data might have been compromised in the attack (source).

October 2021

US-based trade publication and hosting company Sandhills Global was hit by the Marketo criminal gang. The company experienced disruption to its business operations when its hosted publications and phones went offline (source).

November 2021

Community Medical Centers, Inc., a non-profit community health centre in Northern California, was obligated to notify 656,047 patients that their personal information was involved in a ransomware attack (source).

December 2021

Energy provider Delta-Montrose Electric Association endured a malicious ransomware attack that shut down 90% of its internal control systems and erased 25 years of historical data (source).

5 Largest Ransomware Attacks Of 2021

5 Largest Ransomware Attacks Of 2021

Colonial Pipeline

The highest-profile ransomware attack of 2021 hit Colonial Pipeline, the company responsible for almost 50% of the US East Coast’s fuel. This attack is possibly the largest to target the oil industry in US history. The DarkSide group executed the attack and took over the computer system that manages the pipeline.

The attack affected the company’s billing system, forcing Colonial Pipeline to pause operations. Within hours of the attack, Colonial Pipeline paid a US$4.4 million ransom with the FBI’s help. Later, the Department of Justice reported that it recovered 50% of the ransom payment.


JBS, the largest beef supplier in the world, was attacked by the REvil ransomware group in May 2021. The company was forced to halt operations, which impacted the food supply chain globally.

JBS opted to pay the ransom to ensure the files and data weren’t leaked. JBS’ CEO reported that the decision, while difficult to make, avoided risking its customers and clients. The company paid the US$11 million ransom.

Kia Motors

In February 2021, DoppelPaymer demanded that Kia Motors pay 404 Bitcoins, which is equivalent to about US$20 million. The group threatened to publish Kia’s private data if Kia didn’t pay the ransom. Kia Motors America suffered a nationwide phone system and IT outage during this time.


Acer, a company specialising in hardware and software, was hit by a REvil ransomware attack demanding US$50 million. REvil shared some images of the allegedly stolen files on the dark web. The leaked images included a spreadsheet showing the company’s finances. According to some, the leak also had bank balances.


ExaGrid provides backup storage to help businesses recover after a ransomware incident experienced its own ransomware attack.

The Conti ransomware group attack on ExaGrid captured 800GB of confidential data, including contracts, client records, and source codes. ExaGrid paid US$2.6 million to reclaim its files and data.

Largest Single Ransomware Payout

Largest Single Ransomware Payout

All of the companies mentioned above paid hefty ransoms. However, the most prominent ransomware payout of 2021 reported by Bloomberg was paid by CNA Financial Corp. CNA Financial is among the largest insurance companies in the US. They paid hackers $40 million after an attack blocked its access to its network and stole its data.

CNA called in outside experts and law enforcement to investigate the attack. Even with this assistance and against the FBI’s recommendation, CNA negotiated with hackers and agreed to pay $40 million in ransom. It’s believed that a group called “Phoenix” was behind the attack.

Top 10 Industries Affected By Ransomware

In 2021, ransomware attacks increased across all industries. However, research shows that some types of businesses are targeted more often. The following industries are at the highest risk for ransomware attacks:

  • Construction
  • Manufacturing
  • Finance
  • Healthcare
  • Education
  • Technology and IT
  • Logistics and Transportation
  • Automotive
  • Municipal Services
  • Legal

5 Most Common Phishing attacks

 Phishing attacks

Cybercriminals use phishing attacks to capture sensitive data and gain system access before beginning their main ransomware assault. Below are five of the most common phishing attacks.

1. Phishing

Most phishing attacks are sent via an email that mimics an actual organisation. The hacker can send hundreds of thousands of generic emails in a single day using automation.

Often, the email will contain several legitimate links or legitimate code along with malicious counterparts. This allows the malicious link to pass through the email security filters. Alternately, the email may contain viable links mixed with malicious ones. Many people will spot-check a few links but not scrutinise each one. There will be that one link that seems to take the user to the communication settings page when it actually takes them to the hacker’s site.

2. Spear phishing

Spear phishing is more complex than simple email phishing. It involves sending a targeted and personalised email to a specific person. The agent uses social engineering to tailor and personalise the email to their intended target. They use email subject lines that interest the recipients and trick them into clicking on attached files or links.

3. Whaling

Whaling attacks target senior executives due to their positions within the company. While the goal of obtaining information or access is the same, the messages are more subtle. The goal is to fool executives and trick them into providing corporate-level information.

4. Vishing

Email remains the primary delivery vehicle for phishing attacks, but vishing attacks (also called voice phishing) happen in the form of a phone call. The victim receives a phone call that sounds like it’s coming from their credit card company or some other typical service to which most people subscribe.

The phone call often begins as an automated call that then re-routes the individuals to the criminals themselves, posing as customer service agents. They inform them of a fake issue and then ask the victim to “verify your information.” This is the point where they get what they came for.

5. Smishing

Smishing, for SMS phishing, is delivered to the intended target’s mobile phone as a text message. These malicious text messages trick users into clicking a malicious link and handing over sensitive information. The message could be disguised as something like a missed delivery or an urgent need to contact “customer support.”

Ransomware Predictions For 2022

Ransomware Predictions For 2022

Cybercrime experts constantly study the trends of current and past years to prepare for the next. Coming up are some expert predictions and recommendations for 2022. 

Increased Regulation

In response to the Colonial Pipeline attack, US President Biden issued an Executive Order. Industry regulation, however, has been voluntary. Regardless, cybersecurity discussion has entered the White House and government boardrooms around the world.

Connected Devices and IoT

Operational technology and connected and IoT devices are less protected than other IT environments. Malicious agents will likely attempt to compromise critical connected devices like medical systems. They may even expand to denial-of-service attacks along with data encryption.

Supply Chain Vulnerabilities

Due in part to the Kaseya attack, security analysts predict that we will see more supply chain attacks in 2022. In these instances, hackers target a service provider and potentially gain access to thousands of customers. These may even include attacks initiated by nation-states as well as private criminal entities.

Increased Sophistication of A.I.

Security analysts predict a boom of successful ransomware attacks in 2022 due to A.I. and machine learning creating more targeted and sophisticated attacks.


By studying the major ransomware attacks of the year and the trends that emerge from such studies, cybersecurity professionals can make predictions for 2022. Securus Communications can help your business with every aspect of IT security. 

From secure SD-WAN, SASE and penetration testing to cloud-based air-gap immutable backup storage, Securus has a security solution to suit your requirement and budget.

If you would like to discuss your cyber security requirements in more detail with one of our cyber security professionals, please don’t hesitate to get in touch.