As many as 722 ransomware attacks were observed during the fourth quarter of 2021, with LockBit 2.0, Conti, PYSA, Hive, and Grief emerging as the most prevalent strains, according to new research published by Intel 471.
The attacks mark an increase of 110 and 129 attacks from the third and second quarters of 2021, respectively. In all, 34 different ransomware variants were detected during the three-month-period between October and December 2021.
“The most prevalent ransomware strain in the fourth quarter of 2021 was LockBit 2.0, which was responsible for 29.7% of all reported incidents, followed by Conti at 19%, PYSA at 10.5%, and Hive at 10.1%,” the researchers said in a report shared with The Hacker News.
Some of the most impacted sectors during the quarterly period were consumer and industrial products; manufacturing; professional services and consulting; real estate; life sciences and health care; technology, media and telecommunications; energy, resources and agriculture; public sector; financial services; and nonprofit entities.
Of all the recorded LockBit 2.0 attacks, the countries most affected included the U.S., followed by Italy, Germany, France, and Canada. A majority of the Conti infections were also reported in the U.S., Germany, and Italy. The U.S. remained the most impacted country for PYSA and Hive ransomware attacks as well.
“Attacks impacting the consumer and industrial products sector rose by 22.2% from the third quarter of 2021, making it the most-impacted sector during the fourth quarter,” the researchers said.
The findings come as a relatively unknown ransomware strain called Nokoyawa with “striking similarities” to the Hive ransomware has come to light, with most of its targets located primarily in Argentina.
“Both Nokoyawa and Hive include the use of Cobalt Strike as part of the arrival phase of the attack, as well as the use of legitimate, but commonly abused, tools such as the anti-rootkit scanners GMER and PC Hunter for defense evasion,” Trend Micro researchers detailed last week.