KELA Releases Annual Cybercrime Intelligence Report: Beware. Ransomware. Top Trends of 2021

Cybercrime Intelligence

KELA, the leading provider of cybercrime threat intelligence, has released their annual intelligence report, Beware. Ransomware. Top Trends of 2021.  

In this report, KELA provides insights into ransomware victims, recaps activity of ransomware groups in 2021 — both in terms of their attacks and presence on cybercrime forums — and shares exclusive findings about the collaboration of ransomware actors with other cybercriminals.

"In 2021, ransomware attacks continued to be one of the most prominent threats targeting businesses and organizations worldwide," said David Carmiel, CEO of KELA. "For the second year, we have developed this report to empower organizations with cybercrime threat intelligence and take away fear of unknown cybercrime digital threats as threat actors are not only becoming more technologically sophisticated but are also leveraging the growing cybercrime ecosystem to find new partners, services and tools for their operations." 

Key findings include: 

  • In 2021, ransomware activity increased significantly: the number of attacked companies found in KELA's sources increased almost twofold — from 1460 to 2860 victims.
  • 65% of ransomware blogs and data leak sites monitored in 2021 emerged that same year.
  • The most targeted countries correlate with the most developed markets in Europe and North America: U.S., Canada, France, UK, and Germany.
  • Almost 40 companies were compromised twice by different ransomware gangs in 2021, while 17 additional companies were attacked for a second time following an earlier compromise in 2020. It is possible that the attackers used the same initial access vector.
  • Top attackers among operators of ransomware blogs and data leak sites included Conti, LockBit, Pysa, Avaddon, and REvil (Sodinokibi). New players that pose the most significant threat are Alphv, Hive, and AvosLocker.
  • In 2021, more than 1300 access listings were posted by almost 300 Initial Access Brokers.
  • At least five ransomware operations, most of them managed by Russian-speaking actors, are buying access from IABs and using it in their attacks: LockBit, Avaddon, DarkSide, Conti, and BlackByte.

"In 2022, we expect ransomware threats to increase and attackers to continue to adopt advanced TTPs due to intensified law enforcement operations," said Carmiel.  

To read the findings in full, please visit:

About KELA

An award-winning cybercrime threat intelligence firm, KELA's mission is to provide 100% actionable intelligence on threats emerging from cybercrime. Our success is based on a unique integration of our proprietary automated technologies and qualified intelligence experts. For more information, visit

Media Contact 

Holly Hitchcock 

Source: KELA


Categories: IT Security

Tags: cybercrime, digital threats, threat intelligence

About Front Lines Media

View Website