Please fill in the form below to subscribe to our blog

Growing Ransomware Woes Are Swamping These 3 Sectors

February 11, 2022

3 Sectors Are the Hardest Hit But No Sector is Safe


Ransomware is an unwelcome visitor to any business. The bane of every IT professional, it’s a dominant threat in the security ecosystem that just keeps growing. In a recent survey, 90% of IT pros had clients that suffered ransomware attacks in the past year. IT prof and business owners have to confront the fact that ransomware is headed their way no matter what size their organization is –50% of ransomware attacks hit SMBs with less than 100 employees – or what industry they’re in. But there are a few industries that are at the top of the cybercriminal hit list, and companies in those fields have a higher risk of attack than others. 


a cartoon image of hands with fingers pointed at an embarrased-looking white woman with a brown bob in professional clothing

Your company’s top security risk is already inside the building. Learn how to fix it with The Guide to Reducing Insider Risk. GET IT>>


The Financial Sector is Rich with Ransomware Risk


The most beleaguered sector of late 2021 was Banking and Finance. Supplying a constant stream of breathless headlines, almost one-quarter (22%) of ransomware attacks in the last part of 2021 were directed at organizations in the money business. For the banking industry, the entire year was a dangerous time to do business. Banking and Finance targets saw a 1,318% increase in the number of ransomware attacks waged against it in the first half of 2021.  

This trend is easy to see in action in other parts of the financial ecosystem as well. Bad actors are laying siege to anything that even touches finance including cryptocurrency exchanges and De Fi targets. DeFi fraud and hacks combined for a total of $474 million lost just in the first half of 2021, with at least one De Fi platform in trouble every week. DeFi-related cybercrime made up 76% of all major hacks in 2021 as cybercriminals flocked to snatch their piece of the cryptocurrency pie.  

Which Industries Faced The Most Ransomware Attacks? (By Percentage of Total Attacks)

  1. Banking 22%  
  2. Utilities 20%  
  3. Retail 16%  

faint images of US dollars in a pile shaded in rainbow prismatics

Find out exactly how security awareness training makes your company safer & saves money! WATCH NOW>>


Infrastructure is Squarely in Cybercriminals’ Sights


Next up, one-fifth of ransomware attacks (20%) in the last half of the year were aimed at utility companies. Over 1,300 organizations in the Utilities sector including critical services, infrastructure, and supporting industrial targets were impacted by ransomware in 2021. This growing trend sent shockwaves around the world as people outside the tech industry began realizing that cyberattacks can be used as weapons against key strategic targets. Cyber-physical systems (CPS) company Claroty announced in a recent report that 80% of critical infrastructure organizations experienced a ransomware attack in last year. 

That is a grave concern for governments around the world. Last year’s incident with Colonial Pipeline brought the danger of infrastructure attacks home to politicians and average citizens alike. Ransomware threats against infrastructure targets have become such an acute problem that they were called out specifically in a joint advisory released by Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the United Kingdom’s National Cyber Security Centre (NCSC-UK) and the Australian Cyber Security Centre (ACSC) on Wednesday, February 9, 2022. In that release, officials disclosed that ransomware attacks targeted 14 of the 16 critical infrastructure sectors in 2021.   


A strong security culture reduces your company’s chance of a data breach. This checklist helps you build it. GET IT>>


No Industry is Above the Fray


Retailers take third place on the target list with organizations in that sector enduring 16% of ransomware attacks in late 2021. That beleaguered industry also took a monumental beating in 2020, with retail cyberattacks soaring by increasing by 1280% during the pandemic. The pressure eased in 2021 but cybercriminals were all gunning for retailers, an excellent source of valuable PII and financial data. Retailers that were hit with ransomware were left with big bills to pay in uncertain economic times. The average bill for cleaning up a ransomware attack in the retail sector was an estimated $1.97 million. 

Other sectors didn’t get off easy though. Altogether, The US has incurred a 127% year-to-date increase in the number of ransomware attacks while the UK has seen a 233% surge. IT professionals struggled to contain the ransomware flood that swamped businesses in every sector in 2021 and it doesn’t look like their job is going to get any easier in 2022. A study from Unitrends MSP of more than 200 IT professionals from MSP organizations worldwide detailed their experiences, and it wasn’t pretty. The vast majority of IT pros were aware of the epic growth of ransomware and it’s impact on their clients all too well.

In the Last 24 Months, Ransomware Has…  

  • Become a significant risk 89%  
  • Stayed the same 5%  
  • Diminished 2%  
  • Not Sure 5% 

How are cybercriminals delivering all of this ransomware to businesses? IBM’s Cyber Resilient Organization Study offers a breakdown of the most likely ways that ransomware gets to targeted organizations. When considering organizations that sustained at least one ransomware attack in 2021, researchers determined that four major causes represented the catalyst for ransomware events.  

How Organizations Encountered Ransomware 

  1. Phishing or Social Engineering 45% 
  2. Insecure or Spoofed Websites 22% 
  3. Social Media 19% 
  4. Malvertisements 13% 

When digging deeper into the origin point of ransomware for organizations in every industry, a few interesting findings pop up that really illustrate the variety of ways that a business can come into contact with ransomware. In a recent study on cybersecurity trends, researchers determined that most ransomware infections are self-inflicted, with 8 out of 10 ransomware incidents spawned by the victim interacting with a zipped file containing malicious code. More than 90% of those attacks were geared towards Microsoft O365 users while Google Workspace users got off relatively lightly at 1% of attacks. Other origin stories included abuse of third-party access at 3% and exploiting software vulnerabilities at 4% of all ransomware incidents.


Be the hero that defeats a company’s security threats to declare victory over cybercriminals! GET THE GUIDE>>


The Aftermath of a Ransomware Incident is Brutal


One of the biggest ransomware woes that companies face is the aftermath of a successful attack. Unitrends MSP researchers determined that for companies that have faced ransomware head-on, data loss (22.34%) and downtime (22.13%) were and reputation damage (15.24%), were the top three consequences reported. Expanding on that, lost profits (13.57%) and compliance failures (9.39%) round out the top five.  

Consequences of a Ransomware Attack for Clients  

  • Downtime 22%   
  • Lost Data 22%   
  • Lost Profits 14%   
  • Data Recovered (Paid Ransom) 5%   
  • Data Lost (Paid Ransom) 6%   
  • Reputation Damage 15%   
  • Compliance Failure 9%   
  • Other 2%   
  • Clients Not Affected 5%   

Is someone’s behavior suspicious? Learn to spot trouble fast with 5 Red Flags That Point to a Malicious Insider at Work.  DOWNLOAD IT>>


How Can Businesses Reduce their Ransomware Risk?  


CISA recommends five actions that companies can take immediately to reduce their ransomware exposure.  

Running Phishing Exercises and User Awareness Training is a Snap with BullPhish ID 

BullPhish ID is a dynamic stand-alone solution for security awareness and phishing resistance training that makes the experience pleasant and painless for trainees and IT professionals that are tasked with running it. Our newest iteration of Bull Phish ID boasts fresh features and functions that stand out from the competition in quality and value.  

Find the training tools you need in the ever-expanding library of training content that BullPhish ID provides!

  • 15 new, up-to-date training videos on a variety of security and compliance topics including passwords, ransomware HIPAA compliance and more have just been added, with 4 new videos on the way every month!  
  • 8 new phishing kits have also been added to keep up with the latest threats, and a steady stream of new plug-and-play or customizable phishing kits gives trainers the freedom to make sure their users are being trained to resist the right phishing threats for their industry 
  • More new training content around risks and compliance is added every month! 
  • Easily track and show progress with easy-to-read monthly and quarterly performance reports that can be generated automatically accessed anytime.  

Get a personalized demonstration of the newly retooled BullPhish ID today! 


Are you ready to slay the Monsters of Cybersecurity? This checklist tells you what you’ll need to succeed! GET CHECKLIST>>



let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

LEARN MORE>>


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>


Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!

SCHEDULE IT NOW>>