• Home
  • /
  • Malware
  • /
  • FortiGuard report: Ransomware grows tenfold

FortiGuard report: Ransomware grows tenfold

Staff Writer
By Staff Writer, ITWeb
Johannesburg, 25 Aug 2021

Ransomware activity in June this year was more than tenfold higher than levels from a year ago, with attacks crippling the supply chains of multiple organisations, in particular sectors of critical importance, and affecting daily life, productivity, and commerce.

This was one of the findings of Fortinet’s latest FortiGuard Labs Global Threat Landscape Report, which demonstrates a dramatic increase in the volume and sophistication of attacks targeting individuals, organisations, and increasingly, critical infrastructure.

The report also revealed that entities in the telecommunications sector were the most heavily targeted, followed by government, MSSPs, automotive, and manufacturing sectors.

Interestingly, it emerged that some ransomware operators are changing their tactics, and moving away from email-initiated payloads, to gaining and selling initial access into corporate networks. This highlights the ongoing evolution of ransomware-as-a-service fuelling cyber crime, the company says.


The report also noted a rise in deceptive social engineering malvertising and scareware, with over one in four businesses finding malvertising or scareware attempts with Cryxos being a notable family.

Today’s hybrid work situation has no doubt fuelled this trend, as attackers attempt to exploit it, aiming to scare, and also extort users. “Increased cybersecurity awareness is important as ever to provide timely training and education to help avoid falling victim to scareware and malvertising tactics,” the company says.

A push to the edge

A surge in botnet activity was also reported, largely attributed to the Trickbot malware. At the beginning of the year, 35% of companies detected some sort of botnet activity, a number that jumped to 51% six months later.

Once a banking trojan, TrickBot has subsequently morphed into a sophisticated and multi-stage toolkit supporting a range of illicit activities.

Mirai was the most prevalent overall, overtaking Gh0st early last year and remaining on top to this date, as is continues to add new cyber weapons to its arsenal.

Disruption of cyber crime

On the plus side, defenders had several victories in 2021. 

The original developer of TrickBot was arraigned on multiple charges in June, and Emotet, one of the most prolific malware operations in recent history, was taken down in a co-ordinated effort.

Actions to disrupt the Egregor, NetWalker, and Cl0p ransomware operations by cyber defenders, including global governments and law enforcement, also gained significant momentum.

Moreover, the level of attention that some attacks garnered spooked a few ransomware operators to announce they were ceasing operations.

Derek Manky, chief, Security Insights & Global Threat Alliances at FortiGuard Labs, says:“We are seeing an increase in effective and destructive cyber attacks affecting thousands of organisations in a single incident creating an important inflection point for the war on cyber crime.”

He says now more than ever, everyone has an important role in strengthening the kill chain. “Aligning forces through collaboration must be prioritised to disrupt cyber criminal supply chains. Shared data and partnership can enable more effective responses and better predict future techniques to deter adversary efforts.”

Ongoing cyber security awareness training as well as AI-powered prevention, detection, and response technologies integrated across endpoints, networks, and the cloud remain vital to counter attackers, he ends.