• Home
  • /Learn
  • /Top 3 Ransomware Targets by Industry (2021 Update!)
background image


Top 3 Ransomware Targets by Industry (2021 Update!)


In 2019, over 200,000 U.S. firms were compromised by ransomware. 2020 was even worse. In just the first half of the year, there was a 715% YoY increase in global ransomware attacks. These numbers indicate that threat actors have upped their ransomware attack game plan and the sheer number of 2021 ransomware attacks mentioned in the news indicates that these numbers are going to keep going up.

In Canada, threat actors are engaging in “Big Game Hunting (BGH)” and demanding ever-larger ransoms. Between Q4 2019 and Q1 2020, the average ransom amount increased by 33% to approximately $148,700 CAD. Even worse – multi-million-dollar ransom events have also become increasingly common.

In general, ransomware targets could be small businesses, mid-sized companies or large enterprises from any industry. However, some industries are more vulnerable than others.

Here are the three industries that are particularly vulnerable to becoming ransomware targets and victims.

#1. Healthcare

In recent times, the healthcare industry has become a top ransomware target. One reason for this surge is rooted in the COVID-19 pandemic. Since healthcare organizations like hospitals and testing centers need to continue operations to treat COVID-19 patients and save lives, they cannot afford to have their systems locked out. Consequently, they are more likely to pay a ransom.

In 2019 and 2020, many Canadian health organizations were ransomware victims, including three Ontario hospitals, a diagnostic and specialty testing company, and a medical company in Saskatchewan. The Communications Security Establishment (CSE), Canada’s cryptologic agency, warns that cyber threat actors will continue to target hospitals, medical clinics, and other front-line services in Canada and elsewhere in the coming years. It also recommends that these organizations remain vigilant and apply strong cybersecurity controls like network log monitoring, employee education, and secure teleworking practices to minimize their vulnerability to ransomware attacks.

#2. IT

COVID-19 has forced many organizations globally to shift to remote work models. This has made it easier for attackers to explore IT gaps and find vulnerable ransomware targets. The 2021 Ransomware Threat Report found that between 2019 and 2020, the IT sector saw a 65% increase in ransomware incidents. Considering that IT plays a critical role in ensuring business continuity in every industry, this is a worrying statistics.

In late 2020, IBM Security X-Force analyzed ransomware attacks during the year and found that 41% of these attacks targeted organizations with operational technology (OT) networks. Considering that IT and OT systems are increasingly converging – in industries like manufacturing, utilities, energy, and transportation – IT (and OT) professionals should take cognizance of these realities.

When targeting IT systems, ransomware operators typically employ malicious emails containing pandemic-based subject lines to disarm victims and then take control of their devices and data.

#3. Manufacturing and Industry 

Industrial control systems (ICS) monitor and control physical equipment in industrial operations. In recent years, cybercriminals have increasingly targeted ICS with ransomware attacks. ICS systems in developed countries are particularly attractive ransomware targets, with such attacks increasing in 2020 by 0.25% in Canada and the U.S. This is because attackers prefer to target industrial organizations operating in economically stable countries that can pay the ransom.

The Canadian Centre for Cyber Security has predicted that hackers will increase the pressure on critical infrastructure and heavy industry victims to pay hefty ransoms over the next few years. For this, ICS systems will be their primary ransomware target.

Other At-risk Ransomware Targets

Many other industries are also at risk of ransomware attacks, including:

  • Government

  • Banking, Financial Services and Insurance (BFSI)

  • Education

  • Legal

  • Public Infrastructure

  • Energy and Utilities

and surprisingly,

  • Farming and Food Production

In 2019 and 2020, 78% of U.S. states had at least one municipality affected by a ransomware attack. Canadian government organizations are also at risk. Since 2019, multiple Canadian provincial governments that refused to give into criminals’ ransom demands have publicly leaked their data.

The education sector has also become an attractive ransomware target. The increased demand for remote learning solutions has increased the surface area for ransomware attacks – as an American school in Mississippi recently found. To recover their files, they had to pay a $300,000 ransom.


To avoid becoming ransomware targets – or worse, victims – adequate preparation is critical for today’s organizations. Companies must educate their staff to raise awareness about ransomware. They must also consider issues related to data governance, protection and ransomware payments and develop a robust incident response plan. Regular backups, Endpoint Detection and Response (EDR) solutions, software patching and penetration testing, should all be considered and implemented.

To deal with a complicated problem like ransomware, organizations need a multi-pronged strategy. Packetlabs can help you design your anti-ransomware strategy focusing on penetration testing, managed security, application security and other vital services. Get in touch to know more.