Governments most targeted by ransomware attacks

The government sector was most affected by ransomware attacks in 2020, followed by banking, according to Atlas VPN. In total, 50% of last year’s ransomware attacks were directed at these industries among the top 10 most-targeted sectors.

Government organisations took the biggest share of ransomware attacks last year — 31,906, while the banking sector suffered 22,082 attacks. The data is based on the Trend Micro Annual Cybersecurity report. 

Another industry that was hit hard by ransomware last year is manufacturing. It experienced 17,071 ransomware attacks, which made up 16% of last year’s ransomware threats aimed at top industries.

Next up was the healthcare sector, which suffered 15,701 attacks, accounting for nearly 15% of ransomware attacks targeting businesses in top sectors in 2020.

Finally, rounding out the top five industries most targeted by ransomware last year is the finance sector, with 4,917 - or almost 5% - of last year’s ransomware attacks.

It seems, cybercriminals went after the most vulnerable sectors, such as government and healthcare, which are not only known for using outdated operating systems but were critical in dealing with the global pandemic.

It supports findings from a separate study which found that critical industries were bombarded by cyber attacks during country lockdowns.

More targeted attacks

Banking, finance, and manufacturing sectors also were frequently assaulted as they are highly lucrative targets for ransomware operators.

Other industries highly affected by ransomware in 2020 include education (4,578), technology (4,216), food and beverage (3,702), oil and gas (2,281), as well as insurance (2,002).

Like most cyber threats out there, ransomware comes in many different types. However, some ransomware families were more popular last year than the others.

Out of all the ransomware types, WannaCry, also referred to as WCry, WannaCrypt, WanaCrypt0r, WRrypt, was most favored by cybercriminals. This cyber threat was responsible for 220,166 or nearly 87% of all last year’s top ransomware families’ attacks. 

When infecting the system, WCry encrypts files and renames them, adding the .wcry or .WNCRY extension. Following successful encryption, WCry displays a pop-up window with a demand to pay a ransom in Bitcoin. It is a global ransomware family first discovered in 2017.

Locky ransomware also continued to plague organisations last year. There were 15,816 Locky cases detected in 2020. 

Discovered in 2016, Locky is a type of ransomware that targets Windows operating systems. It is most often delivered via email, with an attached Microsoft Word document that contains a malicious code.