Q3-2021 Global Ransomware Report

In the third quarter of 2021, Cyble Research Labs has observed many changes in the way that Ransomware groups have been operating.

Between the industry-wide coverage, detailed analyses and even media coverage of these attacks, Threat Actors are increasingly aware that Ransomware attacks are under intense scrutiny by private and governmental entities. This is something we have observed them adapting to in the ways that they are using more sophisticated TTPs by bypassing enhanced security methods.

Our analysis indicates that Threat Actors are constantly evolving, adapting to security measures and using more sophisticated techniques to conduct ransomware attacks. Since Q2, they have also been conducting in-depth research into their potential targets before executing Ransomware attacks. In some cases, they are even trying to leverage insider contacts in their target firms to assist them in carrying out these attacks.

Read our detailed breakdown of Ransomware attacks in Q3 2021, the changes from the last quarter as well as our predictions for the future of Ransomware in the report below.

Recent Blogs


Cyble analyzes MOVEit Transfer vulnerability and observes active exploitation in the Cyble Global Intelligence Sensors (CGSI).

Read More »
NoEscape RaaS

CRIL analyzes the newly advertised ‘NoEscape’ Ransomware-as-a-Service (RaaS) program that claims to facilitate sophisticated extortion operations using an advanced, indigenously developed ransomware strain.

Read More »
SharpPanda APT G20 Blog

Cyble analyzes SharpPanda, a highly sophisticated APT group utilizing spear-phishing tactics to launch cyberattacks on G20 Nation officials.

Read More »
Scroll to Top