Adalyn Flats, Ground Floor, Ngong Road, Nairobimagtech@magtech.co.ke

Ransomware Attacks in 2020

4 Sectors Targeted from Ransomware Attacks in 2020

There was a marked increase in the number of ransomware attacks reported in 2020. No single business sector has been spared from the tentacles of malicious actors preying the cyberspace. 

Ransomware actors will often gain access to a targeted business network and steal data by encrypting it. Their actions will paralyze the daily operations of the business and demand a ransom. Some groups will threaten to sell or expose sensitive data on the internet. 

Reports from cybersecurity experts reveal that ransomware attacks have increased about 30 percent of all cyber-attacks in 2020. Featuring high on the ransomware variants mostly seen throughout this year were Maze, Ryuk, and Sodinokibi. It is projected that with the ever-increasing numbers of ransomware attacks, all types and sizes of businesses across all sectors will bear the impact. 

Moving into 2021, we’ll have a look at some of the most targeted sectors by ransomware attacks in 2020, like:


It has been the first market in ransomware attacks, with schools, colleges, and universities. In almost all instances, the threat actors demanded a ransom in cryptocurrency, majorly Bitcoins, from the victims. Failure to honor the ransom demand is met with the threat of exposing the stolen data of students. 

For example, the College of Social and Behavioral Sciences (CSBS) at the University of Utah paid a ransom of $ 457’059.24 to attackers that had gained access to their computing servers and encrypted data stored in them. The attackers honored their end of the bargain by providing a decryption key for the stolen data.

In the past year, the National Cyber Security Center in the U.K. has alerted educational institutions to the increased number of ransomware attacks against them. For the record, more than 86 colleges and universities and more than 1,224 schools have been suffered attacks that disrupted operations in 2020 alone. Educational institutions should be vigilant and take measures to protect them against these attacks. The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) in the U.S. have pointed out that DDoS attacks, malware, and ransomware are the biggest threats to educational institutions moving into 2021. 


In the subsequent adjustments to the coronavirus pandemic’s impact, the information technology sector has suffered multiple attacks in 2020. Most corporate organizations have borne the brunt in these times, adjusting to distributed networks as employees work from home and have to defend against sophisticated attacks. 

Ransomware attacks have been rampant, targeting large organizations that will more likely pay up the ransom amounts of attackers. There has been a rise in the average size of ransom payments demanded by about 33% in 2020 compared to 2019. 

4 Sectors Targeted from Ransomware Attacks in 2020, by Alessandro Civati


A more worrying trend has been the increased number of attacks directed at hospitals and other healthcare facilities/providers. Ransomware attacks against the healthcare sector have sought to steal and exploit valuable medical data and other resources. There have been attempted attacks directed at research information to develop a COVID-19 vaccine and its deployment to hospitals. 

In the second half of 2020, a series of Ryuk ransomware attacks have affected multiple hospitals across the USA. Cybercriminals were able to compromise critical network systems of six different hospitals in a single day, causing widespread panic across the sector over theft and sensitive medical data exposure. 

The Cybersecurity and Infrastructure Security Agency, the Department of Homeland Security (DHS), and the FBI jointly issued a red alert to all healthcare providers and healthcare facilities across the U.S. over the rising number of cybersecurity incidents. A survey has revealed that the number of data breaches in the healthcare sector has increased by 2’733% between 2009 and 2019 in the U.S. alone. That also translated to about 1.4 violations per day that exposed approximately 500 records per day. 


The retail sector has not been spared by the surging number of attacks in 2020. Ecommerce has been one area that has been exploited by malicious actors looking for critical data and significant ransom payments. 

Across the world, ransomware attacks have increased significantly. According to reports, John Wick, a threat actor group, demanded ransom for decryption keys after gaining unrestricted access to a database belonging to Paytm Mall, an e-commerce unit of Paytm, the Indian payment solutions provider. They encrypted the company’s data and demanded a ransom with threats of publicly releasing the data. Reports indicate that cybercriminals used a backdoor (Adminer) on the company’s website to gain access to Paytm Mall’s production database and compromise all accounts and related information. However, Paytm denied that their data had been compromised and said that all critical data was intact and secured. India has suffered more than 1.45 million ransomware attacks between 2015 and 2020, and these included hacking incidents, data breaches, and an assortment of other security incidents. 

In conclusion, ransomware actors have become emboldened in their nefarious activities and are demanding higher ransom figures. The use of cryptocurrency has seen the criminal openly demand huge ransoms to know that government agencies will find it difficult to trace the payments to them. These cybercriminals have found other new revenue streams, including auctioning stolen data in the dark web if they fail to receive ransom payments within the given period. Concerning ransom payment, organizations find themselves in difficult situations where they are damned if they do and damned if they don’t. Many governments have criminalized paying out a ransom to cybercriminals since it only encourages them, and the funds can be used to fund other criminal activities and terrorism. Additionally, exposure of compromised personal data attracts vast fines from the authorities for the affected organization. Companies and institutions need to implement robust cybersecurity measures to keep away malicious actors. 

Author: Alessandro Civati

Email: author.ac@bitstone.net

Feel free to share...

Comments are closed.