Ransomware Attacks Drop by 23% Globally but Increase by 328% in Healthcare

SonicWall has released a mid-year update to its 2022 Cyber Threat Report, which highlights the global cyberattack trends in H1 2022. The data for the report was collected from more than 1.1 million global sensors in 215 countries and shows a global fall in ransomware attacks, with notable increases in malware attacks for the first time in 3 years.


SonicWall reports a 23% fall in ransomware attacks globally in H1 2022, which fell to 236.1 million attempted attacks, continuing the downward trend that has been observed for the previous four quarters. June 2022 saw the lowest number of ransomware hits in the past 23 months. While ransomware attacks are down overall, that is not the case for the healthcare industry, which saw a 328% increase in attacks in H1 2022.

While the reduction in attacks is certainly good news, it should be noted that the year-to-date figures for ransomware attacks are still higher than they were in all of 2017, 2018, and 2019. In the United States, SonicWall recorded an average of 707 ransomware attempts per customer in the first half of 2022. SonicWall attributes the decrease in attacks to the combination of geopolitical forces, volatile cryptocurrency prices, and an increased government and law-enforcement focus on ransomware gangs.


Ransomware attacks had increased for two straight years, but malware attacks have been at very low levels, with 2021 seeing malware attacks hit a 7-year low. H1 2022 has seen a sharp increase in malware attacks, with 11% more attacks than H1 2021, reaching 2.8 billion in H1 2022 with an average of 8,240 attempts per customer. There was a marked rise in never-before-seen malware variants in 2022, which increased by 45% from H1 2021. Cryptojacking has increased by 30% compared to H1 2021, even with the sharp fall in the value of cryptocurrencies. Cryptjacking attacks in healthcare fell by 87%.

Please see the HIPAA Journal Privacy Policy

The biggest increase in malware was seen in IoT malware, which increased by 77% increase from H1 2021 with 57 million detections, which was the highest rate of detection since the attacks started to be tracked by SonicWall. The number of hits in H1 2022 was only slightly lower than the total hits recorded in all of 2021. IoT attacks in the United States increased by 228% in June and IoT malware attacks in healthcare increased by 123%.

Malicious Files

SonicWall reported in its mid-year 2021 update that there had been a 54% fall in the number of malicious Office files and a 13% drop in malicious PDF files, but the fall in number was short-lived, with this year seeing an increase in malicious file detections. In the first half of 2022, detections of malicious Office files increased by 18%, and malicious PDF file detections increased by 9%. PDF files now account for 18% of malicious file types, with Office files accounting for 10%, with more than 84% of malicious Office files being Excel files. Excel Macro 4.0 (XLM) files are the most common, accounting for 64% of malicious Excel files. Executable files are still the most common malicious file types, accounting for more than one-third of malicious files.

Encrypted Attacks

SonicWall observed a 132% increase in encrypted attacks in H1 2022, continuing the trend of the past two years. May 2022 was the second highest month for malware over HTTPS ever recorded. Encrypted threats were most prevalent in the United States, and accounted for 41% of the global volume, with a 284% increase over the corresponding period last year. Encrypted attacks in healthcare fell by 6%.

Intrusion Attempts

Intrusion attempts rose by 18% globally in H1 2022, but the number of malicious intrusions fell by 19%. However, in North America, there was an increase in intrusion attempts but the attacks appear to have peaked in June. Intrusion attempts increased by 39% in healthcare, 46% in government, and 200% in retail. Even with these increases, the H1 2022 figures are lower than they were in 2021.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.