Ransomware attacks rose 73% between 2022 and 2023, according a report published Thursday by the Ransomware Task Force, part of the Institute for Security Technology, a Washington D.C. think tank.
The annual report, which includes a map of global ransomware incidents and identifies ransomware trends based on reporting of double-extortion attacks — in which cybercriminals demand ransom payments from victims to keep their data private and off the dark web — found there were 6,670 ransomware incidents in 2023, with more than 2,800 incidents just in the United States.
The report suggests that last year’s rise in ransomware attacks shows that government efforts to combat cyberattacks, including Biden’s National Security Strategy and grants by the Cybersecurity Infrastructure and Security Administration, did not significantly reduce the profitability of ransomware.
“The dip in ransomware attacks that happened in 2022 is likely due to many geopolitical factors, including, probably most predominantly, the Russian invasion of Ukraine, which shifted resources for a lot of actors,” said Taylor Grossman, deputy director for digital security at the Institute for Security Technology. “I think 2023 demonstrates a rise and an increase in ransomware that sort of fits into the broader trend we’ve been seeing over the last few years.”
The report refers to the trend of “big game hunting,” in which cybercriminals target high-value and high-risk organizations, such as construction businesses, health care industries, financial institutions, higher education institutions and government organizations to extract big payments. It also highlights the 2023 cyberattack on the file-transfer software Moveit, which targeted remote access applications and VPNs of large institutions, allowing ransomware groups to collect sensitive data and ransomware payments.
Trevaughn Smith, a digital security associate at IST, told StateScoop targeting high-value organizations is profitable not only because they want to keep sensitive data private, but because for some organizations, especially in the medical industry, paying a ransom is necessary to avoid downing their systems, which can have life-threatening consequences.
“Critical infrastructures such as hospitals and health care can’t afford to have downtime,” Smith said. “There are lives at risk, and particularly financial implications for the small regional hospitals that may not necessarily have the cash reserves to not have a constant profit coming in, so that adds to the pressure when it comes to victims.
“The map definitely demonstrates that there is still a lot of money to be made in very traditional phishing and business email compromise attacks and a lot of ransomware actors don’t need to use those kind of sophisticated techniques like zero-day vulnerabilities,” Grossman said.
To combat the rise of ransomware attacks, the report calls for more collaborative incident reporting across critical infrastructure organizations, which are often siloed from one another. With a uniform reporting structure, ransomware attacks can easily be aggregated to identify trends, tactics and common actors, the report notes.
“We need a we need a clearer picture of what’s going on in order to be able to use all the policy tools and levers that we have at our disposal,” Grossman said.
The report also shows that in 2023, 117 countries experienced ransomware attacks by 66 cybercriminal groups, which Grossman said showed that no country is immune from ransomware threats, as evidenced by next week’s International Counter Ransomware Initiative, where 68 member nations will convene in Washington D.C. for the group’s annual gathering, an event that has doubled in size since 2021.
Though the Ransomware Task Force’s 2024 report will not be released until next year, Grossman said the institute is gathering data to assess the long-term impacts of major ransomware disruption efforts such as the LockBit takedown earlier this year, in which the FBI obtained 7,000 LockBit ransomware decryption keys.
The cybersecurity firm Sophos last month published a report showing that ransomware attacks are becoming less frequent, but more costly, in the United States.