Security Market Segment LS
Wednesday, 19 January 2022 10:07

US Windows ransomware attacks in 2021 little changed from 2020 Featured

US Windows ransomware attacks in 2021 little changed from 2020 Pixabay

Ransomware attacks on Windows systems in the US during 2021 showed a small dip from the previous year, with 2323 local governments, schools and healthcare providers hit, the security firm Emsisoft reports.

The break-up was 77 state and municipal governments and agencies, 1043 schools and 1203 healthcare providers. During 2020, the total was 2354, with the break-up for the same categories being 113, 1681 and 560 respectively.

At least 118 data breaches resulted from these attacks, with sensitive information posted online in one case.

The Emsisoft report said in 2021, smaller municipalities and counties were hit, compared to earlier years when big cities like Baltimore and Atlanta were affected.

As far as educational institutions were concerned the number of incidents was similar – 88 in 2021 and 84 in 2020. But there were more schools hit in 2021.

Sixty-eight healthcare providers were affected by ransomware, making for the total of 1203 sites. During the previous year, 80 providers and 560 sites were affected.

No estimates of costs were provided, though Emsisoft did cite a couple of cases like that of Scripps Health which estimated that it has spent US$112.7 million on getting things back to normal.

One development that merited note was the actions of the US Government following the attacks on the Colonial Pipeline and meat processor JBS, with President Joe Biden raising the issue with his Russian counterpart, Vladimir Putin.

More recently, there have been arrests in Russia, with a number of the REvil gang being taken into custody.

"While it is too to say what impact these actions will have, they are certainly a step in the right direction," Emsisoft commented.

"Ransomware became so much of a problem because the cyber criminals were able to operate with almost complete impunity. That is finally starting to change."

Contacted for comment, Brett Callow, a ransomware researcher with Emsisoft, told iTWire: "Whatever Russia's motivations may be, the arrest of the REvil members is significant, at least in the short term.

"Other threat actors will be wondering when exactly the operation was compromised, what other operations may have been compromised, what information was obtained and whether any of that information could point to them.

"There's a considerable amount of crossover between ransomware operations. Developers and affiliates can work with more than one operation, they deal with the same access brokers, tumbling services, cashing-out services, etc., etc. And that means a compromise of one operation can potentially have a knock-on effect.

"Additionally, it's likely that some actors will decide the risks are now too great and decide to make an exit while they can. We've seen this after other disruptions, especially with small-time actors who may be less of their ability to remain under the radar.

"We're still a very long well from solving the ransomware problem, but we're finally taking steps in the right direction."

Read 1036 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News