These 3 Sectors Are the Most Common Targets for Ransomware

February 04, 2022

Businesses around the world have been besieged by ransomware for the last few years. It’s become a plague on organizations in every sector – private enterprises, hospitals, infrastructure, government agencies, schools and everything else under the sun. It doesn’t matter what size a business is either. Over 50% of ransomware attacks target businesses with fewer than 100 employees. Ransomware practitioners don’t discriminate. But they do have a few preferences, and that translates into a few industries that are particularly at risk.


Over Half of Attacks Target These 3 Industries

A new report from Trellix details their analysis of ransomware attacks in the second half of 2021, and some interesting trends are apparent. Most prominently, it’s clear to see which industries are squarely in the bad guys’ sights. Over half of ransomware attacks in that period were concentrated against just three industries – banking, utilities and retail. 

Percentage of Ransomware Attack Targets 

% of total recorded attacks in 2021
Retail 16% 

How are cybercriminals delivering ransomware to businesses? IBM’s Cyber Resilient Organization Study offers a breakdown of the most likely ways that ransomware gets to targeted organizations. When considering organizations that sustained at least one ransomware attack in 2021, researchers determined that four major causes represented the catalyst for ransomware events. 

How Organizations Encountered Ransomware

Phishing or Social Engineering 45%

Insecure or Spoofed Websites 22%

Social Media 19%

Malvertisements 13%


Banking & Finance

Breaking down the numbers shows just how lopsided ransomware attacks were in late 2021. The number one target for ransomware gangs was the Banking and Finance sector. Almost one-quarter (22%) of attacks were directed at organizations in those industries. This beleaguered sector has been getting hit from all sides as bad actors have swarmed anything that even touches finance, like banks, finance companies and DeFi targets. The banking industry saw a 1,318% increase in the number of ransomware attacks waged against it in the first half of 2021. Banking and finance targets remain firmly at the top of the cybercriminal hit list.

A high level of cybercrime against platforms that handle, transact and store cryptocurrency has not helped the battered finance industry’s cause. Although DeFi is frequently considered its own animal instead of a traditional part of the financial services sector, money moves in DeFi that impacts it. Just about every week, a new DeFi platform is in the news because cybercriminals have scored another hit and made off with big sums of cryptocurrency. DeFi fraud and hacks combined for a total of $474 million lost just in the first half of 2021. This trend was particularly apparent in late 2021 when at least one DeFi platform was getting hit every week. DeFi-related hacks made up 76% of all major hacks in 2021. That activity doesn’t appear to be slacking off either. Just in January 2022, cybercriminals have hit Qubit for $80 million and for $31 million.



Utilities

The Utilities sector was next in line, with one-fifth of ransomware attacks (20%) in the last half of the year aimed at utility companies. An analysis by Mandiant Threat Intelligence shows that over 1,300 organizations in the Utilities sector including critical services, infrastructure, and supporting industrial targets were impacted by ransomware in 2021. Even more disturbing is the fact that their analysts estimate that one out of every seven leaks from industrial organizations posted on ransomware extortion sites exposes sensitive operational technology data that could have far-reaching implications for the security of important infrastructure components.


Retail

Retailers round out the top 3. Organizations in the Retail sector felt the brunt of 16% of ransomware attacks in late 2021. Unfortunately, that industry took a monumental beating in 2020. IBM reports that retail cyberattacks soared during the pandemic, increasing by 1280% from the beginning of 2020 to the end of the year. Retail outfits had it a bit easier in 2021, but ransomware was still a plague on the industry. The average bill for cleaning up a ransomware attack in the retail sector was an estimated $1.97 million when considerations like downtime, payroll, device cost, network cost, lost opportunity and ransom payments were taken into account.

One attraction to these sectors for ransomware gangs is the amount of valuable data that retailers, utility providers, financial services companies and similar organizations hold. According to an analysis in the Verizon/Ponemon Institute Data Breach Investigations Report 2021 (DBIR 2021), malware like ransomware was responsible for an estimated 30% of incidents that caused a violation of a company’s data storage integrity. Digging deeper, ransomware jumps to the top of the list again when considering reasons why a company lost control of or access to their data – 70% of data loss incidents in the study were the result of a ransomware scenario.

These data types were involved in the most breaches, making them the data that cybercriminals are most likely to steal from an organization.

Types of Data Stolen in Breaches   

Credentials:  60%  

Personally Identifying Data (PII):  40%  

Medical Data: 10%  

Bank Data: 10%  

Internal Data: 10%  

Payment Data: 10% 

Approximated from DBIR 2021


A Strong Defense is Within Reach Even on a Small Budget

Altogether, attacks against these three sectors in combination accounted for 58% of all ransomware attacks detected. Unfortunately, these sectors may be in the top spots for a while due to a dearth of resources to make needed security improvements. In a recent survey of the cybersecurity and technology woes of the banking and financial services sector, researchers determined that 43% of respondents in the financial sector said that they lacked the funds to handle their security problems. Those straitened circumstances also impact the energy industry where 28% couldn’t afford upgrades and the public sector where one-quarter of organizations lacked resources.  

But a powerful defense against phishing-related cyberattacks like ransomware doesn’t have to be expensive. AI-powered email security from Graphus is surprisingly affordable. It also saves money on tech time by automating threat discovery and analysis to ensure that techs aren’t bogged down with false alarms.

Plus, Graphus gathers its own threat intelligence using machine learning as it absorbs new information about a company’s communication patterns with every interaction. The best part? Automated email security with a solution like Graphus stops 40% more phishing messages from reaching an employee inbox than conventional security or a SEG. 

How does Graphus do it?

  • TrustGraph uses more than 50 separate data points to analyze incoming messages completely before allowing them to pass into employee inboxes. TrustGraph also learns from each analysis it completes, adding that information to its knowledge base to continually refine your protection and keep learning without human intervention.   
  • EmployeeShield adds a bright, noticeable box to messages that could be dangerous, notifying staffers of unexpected communications that may be undesirable and empowering staffers to report that message with one click for administrator inspection.     
  • Phish911 enables employees to instantly report any suspicious message that they receive. When an employee reports a problem, the email in question isn’t just removed from that employee’s inbox — it is removed from everyone’s inbox and automatically quarantined for administrator review. 
