Increasing Frequency of Ransomware Attacks Targets Crucial Infrastructure, According to the FBI
In a concerning development, the healthcare sector has emerged as the most vulnerable to ransomware attacks among critical infrastructure sectors, according to the FBI's 2023 Internet Crime Report.
Last year, 14 out of the 16 critical infrastructure sectors had at least one member that fell victim to a ransomware attack, with the health sector being the hardest hit. A total of 1,193 ransomware attacks were reported to the FBI, and 41% of these attacks targeted critical infrastructure organizations.
Ransomware gangs such as BlackSuit and Royal have persistently targeted critical infrastructure sectors, including healthcare, due to their reliance on older, less secure industrial control systems. The extreme consequences any disruption causes to public safety and health services make these sectors particularly attractive targets.
These attacks often employ double-extortion tactics, encrypting data and threatening to leak sensitive patient information, which coerces faster ransom payments. The health sector's critical and sensitive nature, coupled with the need for uptime and the traditionally outdated systems, make it a lucrative and vulnerable target.
Other heavily targeted sectors include energy, government, public safety, and education, all facing disruption threats with potentially wide-reaching societal consequences.
The ongoing recovery efforts at Change Healthcare, a widely used IT platform in the healthcare sector, serve as a stark example of the operational impacts caused by ransomware attacks against critical infrastructure.
Law enforcement and cybersecurity agencies have emphasized the urgent need for proactive disruption of ransomware networks targeting these sectors. Global efforts are underway to dismantle criminal infrastructure behind such attacks, including the seizure of servers and digital assets used by groups like BlackSuit.
Despite the heightened threat, every industry has been hit by ransomware attacks. More reporting from victims to law enforcement would mean superior insight for the FBI, but unfortunately, only about 20% of Hive's victims reported ransomware attacks to law enforcement.
The proportion of ransomware attacks hitting critical infrastructure grew from one-third of attacks reported to the FBI in 2022. Losses reported from ransomware attacks jumped 74% to almost $60 million last year, underscoring the financial impact of these attacks.
The FBI's 2023 Internet Crime Report states that more than 2 in 5 ransomware attacks targeted organizations in the critical infrastructure sector. However, the report does not indicate any changes in the targeting of specific sectors in 2023 compared to previous years.
The IT platform of Change Healthcare, widely used in the healthcare sector, remains largely non-operational almost three weeks after an AlphV intrusion, providing a stark reminder of the ongoing threat and the need for vigilance in the fight against ransomware attacks.
- The FBI's 2023 Internet Crime Report suggests a significant concern, with the health-and-wellness sector becoming the most vulnerable to ransomware attacks among critical infrastructure sectors, mainly due to the sector's older, less secure industrial control systems and the extreme consequences any disruption could have on public safety and health services.
- In addition to the health sector, ransomware groups such as BlackSuit and Royal continue to persistently target critical infrastructure sectors, including technology, energy, government, public safety, and education, highlighting the need for proactive cybersecurity measures and the dismantling of criminal infrastructure behind such attacks.
- The government, law enforcement, and cybersecurity agencies are working collectively to combat ransomware attacks targeting critical infrastructure sectors, including seizing servers and digital assets used by groups like BlackSuit, but the ongoing threat remains, as seen by the ongoing non-operational status of Change Healthcare's IT platform in the healthcare sector, almost three weeks after an AlphV intrusion.
