A new Intel 471 whitepaper sheds light on the ransomware variants detected in the fourth quarter of 2021. 722 ransomware attacks were detected during the fourth quarter of last year, 110 more than were recorded in the third quarter.
The most prevalent ransomware variants for that period include LockBit 2.0, Conti, Pysa and Hive. The most affected sectors were consumer and industrial products, professional services and consulting, real estate, healthcare and life sciences, and technology, media and telecommunications, among others. By region, most attacks took place in North America, followed by Europe, Asia, South America, Oceania, the Middle East, Central America and Africa, the report said.
“Despite its relatively short period of operation, the LockBit 2.0 ransomware continued to be the most prominent variant in the fourth quarter of 2021,” the researchers pointed out.
Countries with the highest number of LockBit 2.0 attacks include the U.S., Italy, Germany, France, and Canada. “LockBit 2.0 allegedly targeted another 39 countries, however, they amounted to less than 2.7% of the total number of ransomware events associated with this variant,” Intel 471 added.
Conti ransomware is the only family that was reported in every quarterly report the company released in 2021. It was the most deployed variant in the second quarter of 2021. The countries most affected by Conti from October 2021 to December 2021 were the U.S., Germany, Italy, Canada, and Australia.
Last year, Conti was equipped with the capability to destroy victims’ backups.
PYSA ransomware was first observed in December 2019 and is most likely a version of the Mespinoza ransomware. The sector most affected by PYSA was the public sector, with attacks against organizations such as South Africa’s Department of Justice and Constitutional Development, the U.S. city of Bridgeport, Connecticut, and the U.K.-based Kent County Council.
Hive attacks mostly affected life sciences and healthcare organizations, with the U.S. being the country most attacked by this ransomware.
On a different note, a group of academics from South Korea’s Kookmin University recently discovered a way to decrypt data encrypted by Hive. Apparently, the researchers were able to “recover the master key for generating the file encryption key without the attacker’s private key, by using a cryptographic vulnerability identified through analysis.”