Ransom DDoS attacks surged in final quarter of 2021

Ransom DDoS attacks increased by 29% YoY and 175% QoQ in the last quarter 2021, according to new research from Cloudfare.

The first half of 2021 witnessed massive ransomware and ransom DDoS attack campaigns that interrupted aspects of critical infrastructure around the world (including one of the largest petroleum pipeline system operators in the US) and a vulnerability in IT management software that targeted schools, public sector, travel organisations, and credit unions.

The second half of the year recorded a growing swarm of one of the most powerful botnets deployed (Meris) and record-breaking HTTP DDoS attacks and network-layer attacks observed over the Cloudflare network. This besides the Log4j2 vulnerability (CVE-2021-44228) discovered in December that allows an attacker to execute code on a remote server — arguably one of the most severe vulnerabilities on the Internet since both Heartbleed and Shellshock.

Prominent attacks such as the ones listed above are but a few examples that demonstrate a trend of intensifying cyber-insecurity that affected everyone, from tech firms and government organisations to wineries and meat processing plants.

According to Cloudfare,Q4 21 was the busiest quarter for attackers in 2021. In December 2021 alone, there were more than all the attacks observed in Q1 and Q2 21 separately. And one out of every three survey respondents reported being targeted by a ransom DDoS attack or threatened by the attacker.

While the majority of attacks were small, terabit-strong attacks became the new norm in the second half of 2021. Cloudflare automatically mitigated dozens of attacks peaking over 1 Tbps, with the largest one peaking just under 2 Tbps — the largest the company says it has ever seen.

The Manufacturing industry was the most attacked in Q4 21, recording a whopping 641% increase QoQ in the number of attacks. The Business Services and Gaming/Gambling industries were the second and third most targeted industries by application-layer DDoS attacks.

Q4 21, and November specifically, recorded a persistent ransom DDoS campaign against VoIP providers around the world.


For the fourth time in a row this year, China topped the charts with the…