By using website you agree to our use of cookies as described in our cookie policy. Learn More


Report Highlights Shift in Ransomware Trends

The latest ransomware report from NordLocker shows the global ransomware landscape is changing significantly in terms of targeted industries and countries.

Note: TDWI’s editors carefully choose press releases related to the data and analytics industry. We have edited and/or condensed this release to highlight key information but make no claims as to its accuracy.

As the consensus is that ransomware attacks will only increase in the coming years, it is helpful to look at the ransomware trends that vary from year to year. The latest ransomware report from NordLocker shows the global ransomware landscape is changing significantly.

The total number of ransomware attacks worldwide decreased slightly between 2021 and 2022. In 2022, the number of reported attacks dropped to 2,257 (from 2,702 in 2021). However, as has been the trend, U.S. businesses continue to be the most affected by ransomware attacks year after year. In 2022, American businesses suffered 876 attacks, while in 2021 there were 1,237 reported incidents.

However, the shifting focus toward other countries, notably the United Kingdom and Germany, is an interesting development in the ransomware landscape. Both nations experienced a significant percentage increase in ransomware attacks in 2022 compared to the previous year.

In 2021, the U.K. experienced 4% of all global ransomware attacks, which rose to nearly 6% in 2022. Similarly, Germany saw an increase from 3.7% of attacks in 2021 to 4.1% in 2022.

The top five most attacked countries also changed between the two years. In 2022, the ranking shifted to the U.S. (38.8%), the U.K. (5.6%), Germany (4.2%), Canada (3.9%), and Italy (3.3%). In 2021, the top five were the U.S. (45.8%), Canada (4.6%), France (4.5%), the U.K. (4.4%), and Germany (3.7%).

Immense Attacks on the Financial Sector

Last year, the top three most attacked industries shifted to construction (142 attacks), finance (120 attacks), and manufacturing (119 attacks). In 2021, manufacturing (223 attacks), construction (214 attacks), and transportation (181 attacks) companies were the most affected.

The most notable change in this evolving landscape is the increased targeting of the financial sector. In 2021, financial companies were only the sixth most-attacked sector. By 2022, they were second.. Aivaras Vencevičius, head of product for NordLocker, says this dramatic shift highlights the growing threat to financial institutions and emphasizes the need for increased security measures within the industry.

Fewer Attacks in 2022 as More Companies Improve their Cybersecurity

Another interesting observation is the decrease in the number of countries targeted by ransomware attacks. While 102 countries were affected in 2021, the number dropped to 91 countries in 2022.

In 2021, the Conti ransomware group was the most active, carrying out 445 attacks worldwide. However, in 2022, a different group took the lead, with LockBit emerging as the most active ransomware group, responsible for an alarming 723 attacks worldwide.

“The NordLocker ransomware report shows that ransomware attacks have declined in the past year, indicating that companies are increasingly concerned about cybersecurity and implementing cybersecurity measures,” says Vencevičius, adding that if more companies are safe against cyberattacks, the rest are at a much higher risk of being attacked.

The best actions to take to protect businesses from ransomware include: 

  • Encourage proper file hygiene, encryption, and backups. File hygiene and backups can't stop cyberattacks, but they give the company leverage. Even if a company becomes a target for ransomware, the ability to restore data immediately will guarantee business continuity. If the company keeps the files encrypted, the information will be unreadable to hackers.
  • Encourage cybersecurity training. Investing in your employee's knowledge is the most cost-effective way to protect your organization from ransomware because 82% of cyberattacks happen due to human error. Training should be organized regularly and have a holistic approach that includes every employee.
  • Keep software up to date. Most cyberattacks either use social engineering to exploit the flaws in human nature or malware utilizing outdated software. Ensure everyone at your company understands the importance of keeping software updated.
  • Adopt zero-trust network access. Zero-trust means every access request to digital resources by a staff member should be granted only after their identity has been appropriately verified.

Methodology: Data was collected from publicly available blogs where ransomware gangs post the names of their victims and their demands. The ransomware attacks under investigation all happened during the period between January 1, 2020 and April 30, 2023. 

TDWI Membership

Get immediate access to training discounts, video library, research, and more.

Find the right level of Membership for you.