Cybersecurity Report: Record 304.7 Million Ransomware Attacks

BLOG POST by Alice Strange / Heather Santos

SonicWall’s Mid-Year Update to the 2021 Cyber Threat Report: the number of attacks eclipses 2020 global totals in just six months.

There are several documents that many of us in this business open with a bit of trepidation. One is our tax bill, and the other is SonicWall’s annual Cyber Threat Report

There’s not much we can do about the former – being that taxes and death, as Benjamin Franklin once wrote, are the only certainties in life. The latter is a tool for those of us who work to keep networks secure, and this report is often a harbinger of things to come.

SonicWall’s semi-annual releases (one for the annual report, a second one for a mid-year update, because you can never have enough of a good thing, right?) is an authoritative source. Researchers use threat intelligence data from more than 1.1 million sensors in 215 countries and territories. SonicWall also produces the report in such a non-promotional way (they are a cybersecurity services company) that even news organizations like the Wall Street Journal and CNN quote their findings. 

The Mid-year update to the 2021 SonicWall Cyber Threat Report 

So, when we say that 2021’s cyberattack data eclipsed last year’s, we mean that cybercrime reached a new and unsettling paradigm. Established technology and infrastructure are under siege from ransomware. Through the first half of 2021, global ransomware volume hit 304.7 million, which surpasses the entire year of 304.6 million attacks in 2020. That’s a 151% year-to-date increase in case you’re wondering.

The data shows that threat actors are busy adapting ransomware tactics to reap more financial gains. The trend is especially worrisome for security experts because the risk to businesses and organizations will remain high while remote working is still widespread. And as Bill Conner, SonicWall CEO and President, recognizes, “Criminals are acutely aware of uncertainty across the cyber landscape.”

Ransomware attacks continue to wallop us.

After the record highs in April and May, June saw another record high of 78.4 million ransomware attacks. In the U.S., attacks increased by 185% and in the U.K., 144%. The U.S., U.K., Germany, South Africa and Brazil were the hardest-hit countries. In addition, Florida, New York, Idaho, Louisiana and Rhode Island were the states in the U.S. that saw the most confirmed attacks. The report also shows that in the recent rise in attacks, hackers targeted key verticals with a 917% rise in ransomware attacks on government entities, 615% on education, 594% on healthcare, and 264% on retail.

Patented RTDMI software is finding and blocking more original malicious code and variants.

SonicWall also discovered a record number of new and original malicious programming. For example, there was a 54% increase over the first half of 2020 new coding in the current pipeline of threats. The technology that made the discovery is SonicWall’s Real-Time Deep Memory Inspection or RTDMI, which is the core of SonicWall services like Capture Advanced Threat Protection (ATP).  

RTDMI technology blocks more advanced and new malicious code than other behavior-based sandbox methods. In one 33-day test by ICSA, SonicWall’s technology found 100% unique threats and variants with zero false positives. The results of the sixth and most recent test confirmed the high performance of the technology. 

Distribution of malware and non-standard port attacks continues to fall.

Last year, there was a global drop in the number of non-ransomware malware attacks. After hitting record highs in 2020, these attacks fell in the first half of 2021, with a decrease of 24% worldwide. And in another sign that threat actors are getting more sophisticated, there are fewer “spray and pray” attacks and more surgical strikes that target specific organizations or verticals. 

Concerns for Cryptojacking.

With the sharp value fluctuations of cryptocurrencies, there is also an ebb and flow in the number of cryptojacking incidents. After making an unexpected return to prominence in 2020, the number of cryptojacking malware incidents rose in the first half of 2021 (when cryptocurrency prices were the highest). SonicWall’s researchers found 51.1 million cryptojacking attempts from January to June, a 23% increase over the same six-month period last year. Cryptojacking hit Europe particularly hard with a 248% year-to-date increase. 

The Wild West of IoT devices goes wild.

When everyone packed their belongings and went home, they plugged in millions of new IoT (internet of things) digital devices, adding a new and fertile attack vector for cybercriminals, as reported by SonicWall. As a result, attacks on this class of devices rose 59% year-to-date globally, a rate not seen since 2018. Comparing regions, the U.S. saw a slightly smaller increase in IoT attacks (15% year-to-date), but Europe and Asia were slammed (113% and 190%, respectively).


As working situations evolved in 2021, so did the methods of threat actors and motivated perpetrators. SonicWall Capture Labs threat researchers team compiled their findings into the mid-year update to the 2021 SonicWall Cyber Threat Report, which arms enterprises, government agencies, SMBs and other organizations with actionable threat intelligence to safeguard workforces, networks and data in today’s distributed IT reality. Visit our website to view the full report and all of its findings.