New research from cloud encryption specialist NordLocker looks at which industries are the most popular targets for ransomware, analyzing 1,200 companies hit by 10 infamous ransomware gangs in 2020 and 2021.

Perhaps surprisingly the construction sector tops the list with 93 attacks, followed by manufacturing on 86, finance on 69, healthcare on 65, and with education rounding out the top five on 63.

Among the hacked companies discovered by NordLocker's research, are not only large organizations, such as a global hotel chain, an automotive conglomerate, or a world-wide clothing brand, but also small family-owned and operated businesses like an Italian restaurant or a local dental clinic.

"It is surprising how many companies still take cybersecurity for granted, 'inviting' hackers to exploit their vulnerabilities," says Oliver Noble, cybersecurity expert at NordLocker. "When successfully attacked, companies get all their employee data, customer details, client agreements, patents, and other valuable business information inaccessible and threatened to be stolen, leaked, or destroyed for good. To avoid the doomsday, i.e. having business operations put to a standstill, damaged reputation, loss of clients, tiresome legal battles, and huge fines, some organizations are left with no choice but to pay ransom to get the decryption key."

The report also looks at the attackers, with the most prolific ransomware family being Conti, with 450 attacks to its name. REvil (210 hacks), DopplePaymer (200), and PYSA (188) are also among the most famous and active cybercrime groups.

The top five countries where businesses get attacked most are the US (732 cases), UK (74), Canada (62), France (58), and Germany (39).

"Internationally operating law enforcement groups work hard to shut ransomware infrastructure down," says Noble. "Just last week it was reported that a joint operation put REvil's servers offline. However, the Russian ransomware-as-a-service gang is expected to re-emerge. Ransomware is no longer what only skilled hackers are capable of. Any paying user, aka affiliate with little technical knowledge, can use the subscription-based model to employ already-developed tools to execute ransomware attacks against businesses."

You can read more on the research and get tips on protecting your business on the NordLocker site.

Photo Credit: LeoWolfert/Shutterstock