The break-up was 77 state and municipal governments and agencies, 1043 schools and 1203 healthcare providers. During 2020, the total was 2354, with the break-up for the same categories being 113, 1681 and 560 respectively.
At least 118 data breaches resulted from these attacks, with sensitive information posted online in one case.
The Emsisoft report said in 2021, smaller municipalities and counties were hit, compared to earlier years when big cities like Baltimore and Atlanta were affected.
Sixty-eight healthcare providers were affected by ransomware, making for the total of 1203 sites. During the previous year, 80 providers and 560 sites were affected.
No estimates of costs were provided, though Emsisoft did cite a couple of cases like that of Scripps Health which estimated that it has spent US$112.7 million on getting things back to normal.
One development that merited note was the actions of the US Government following the attacks on the Colonial Pipeline and meat processor JBS, with President Joe Biden raising the issue with his Russian counterpart, Vladimir Putin.
More recently, there have been arrests in Russia, with a number of the REvil gang being taken into custody.
"While it is too to say what impact these actions will have, they are certainly a step in the right direction," Emsisoft commented.
"Ransomware became so much of a problem because the cyber criminals were able to operate with almost complete impunity. That is finally starting to change."
Contacted for comment, Brett Callow, a ransomware researcher with Emsisoft, told iTWire: "Whatever Russia's motivations may be, the arrest of the REvil members is significant, at least in the short term.
"Other threat actors will be wondering when exactly the operation was compromised, what other operations may have been compromised, what information was obtained and whether any of that information could point to them.
"There's a considerable amount of crossover between ransomware operations. Developers and affiliates can work with more than one operation, they deal with the same access brokers, tumbling services, cashing-out services, etc., etc. And that means a compromise of one operation can potentially have a knock-on effect.
"Additionally, it's likely that some actors will decide the risks are now too great and decide to make an exit while they can. We've seen this after other disruptions, especially with small-time actors who may be less of their ability to remain under the radar.
"We're still a very long well from solving the ransomware problem, but we're finally taking steps in the right direction."