Security challenges

Ransomware: 2021's top attacks and need-to-know stats

Published on 17th Sep 2021
Ransomware Code 1440X253

Unless you've been living underneath a rock, you’ll know ransomware attacks have been running rampant in recent months. Phishing emails are the primary method for delivering ransomware, as hackers can target ordinary, vulnerable users instead of trying to bypass security systems. It only takes one employee to click on one malicious link or email to breach an entire system.

The rise of Ransomware-as-a-Service, where ransomware developers outsource their operations to affiliates that execute the attack, has made it easier than ever for wannabe-cybercriminals to get hold of the malware. 

Ransomware can affect organizations of all sizes – let’s take a look at some of the biggest from the past year.

Top ransomware attacks of 2021

Colonial Pipeline

The DarkSide group deployed ransomware to Colonial Pipeline's network equipment on May 7, 2021. The attack vector was a compromised password to a VPN account that was no longer in use, which companies can easily prevent by implementing multi-factor authentication.

The attack impacted the oil infrastructure along the US East Coast, resulting in panic buying and fuel shortages. The company paid the requested ransom of $4.4 million with the assistance of the FBI, of which $2.3 million was recovered a month later.


There was an attack on this prominent Taiwanese computer manufacturer in March 2021. Threat actors gained access to the company's network via a Microsoft Exchange vulnerability. 

Data exposed might include client lists, payment information, and financial documents. Acer allegedly paid a ransom of $50 million — the highest ransomware payment reported to date.

Kia Motors America

The automaker allegedly suffered a DoppelPaymer ransomware attack that caused an extensive system outage in February 2021. The incident impacted the company's mobile apps, payment services, phone services, owner portal, and dealerships' systems.

The criminals demanded a $20 million ransom to decrypt the files and not leak the stolen data online. Kia's parent company, Hyundai, might also have been attacked since it experienced similar outages.

DC Police Department

Ransomware doesn't spare law enforcement agencies. The attack aimed at the Metropolitan Police Department in DC in April 2021 resulted in a massive exposure of the department's internal information because it refused to pay the $4 million ransom.

The Babuk group, a Russian ransomware syndicate, was responsible for the attack. This incident is the most damaging ransomware attack to hit a US police department to date.


The REvil ransomware group attacked the global beef manufacturer on May 30, 2021. The company had to shut down its operations until June 3, 2021. JBS later revealed that it paid an $11 million ransom after the attack forced it to halt cattle-slaughtering operations at 13 meat processing plants.

After the incident, both the White House and the US Attorney General expressed concern over ransomware attacks becoming national security threats.

But what was the biggest ransomware attack?

Kaseya, a software provider that offers remote management monitoring to managed service providers (MSPs), was attacked on July 2, 2021. Threat actors exploited the company's platform to deploy ransomware to the networks of its end customers.

This incident underscores the increasing risks in software supply chains. More cybercriminals are targeting software providers, sneaking malicious codes into software updates that get pushed out to thousands of organizations so they can infiltrate numerous targets all at once.

Important ransomware statistics for 2021

Although we only hear about high-profile incidents, ransomware attacks are more prevalent than many people assume.

How many ransomware attacks occur each year?

In 2020, 304 million ransomware attacks occurred worldwide. The number has increased rapidly in 2021, with 115.8 million attacks reported in Q1 and 188.9 million in Q2.

How much have ransomware attacks increased?

The number of ransomware attacks increased by 62% between 2019 and 2020. Meanwhile, the global attack volume jumped by 151% during the first six months of 2021 compared to the same period in 2020.

Frequency of ransomware

How ransomware attacks are delivered

  • The most common ransomware delivery mechanisms are phishing emails and drive-by downloading when users visit an infected website.
  • Over 90% of ransomware attacks are delivered via email phishing 
  • Companies experience an average downtime of 21 days after a ransomware attack.

Cost of ransomware attacks

  • The total recovery cost from a ransomware attack has increased from $761,106 in 2020 to $1.85 million in 2021.
  • In a recent survey:
    • 66% of respondents suffer significant revenue loss after a ransomware attack
    • 53% said their brand images were negatively impacted
    • 29% were forced to cut jobs


Worried about ransomware? Learn how the rising epidemic can be stopped here.


You might also be interested in ...

University 600x400 28kb
Security challenges
Why UK Universities are spear phishing targets for state actors
State sponsored cyber actors have stepped up their attacks against UK leading universities - learn what to watch out for. 
Security challenges
Can artificial intelligence stop people from being phished?

It's impossible for users to catch every phishing email. Learn how AI-based solutions understand and support normal human behaviour.

Security challenges
LinkedIn phishing attacks up 232% in February

The attacks we have seen are bypassing traditional email security defenses to be delivered into people’s inboxes. Without technology deployed within the mailbox to help them detect attacks, it can be difficult for individuals to avoid falling victim. You can see in the screengrabs provided that Egress Defend has alerted the recipient to the attack within their inbox.