Thousands of US Public Sector Ransomware Victims in 2021
An estimated 2323 local governments, schools and healthcare providers in the US were compromised by ransomware in 2021 after another bumper year for financially motivated attackers, according to Emsisoft.
The security vendor claimed in its latest research that healthcare providers (1203) were the most affected by such attacks during the year, followed by schools (1043) and finally state and municipal governments and agencies (77).
However, despite most attacks today resulting in double extortion, where victims have data stolen and are extorted with the threat of it being published online, just 118 of the 2323 attacks listed resulted in data breaches.
Despite the relatively high headline figures for ransomware compromises, the numbers are somewhat positive, claimed Emsisoft.
For example, 113 government bodies were hit in both 2019 and 2020, while the number of schools impacted in 2020 was a much higher 1681. In 2020, more healthcare providers were targeted (80 versus 68 in 2021), but fewer sites were impacted (560).
Emsisoft explained that the numbers quoted are “minimums” as not all incidents from last year were disclosed, while others were not labeled explicitly as “ransomware.” The report also omitted supply chain attacks such as the breach at payroll firm Kronos, which impacted multiple public sector organizations.
Nevertheless, it claimed things are moving in the right direction, with threat actors no longer acting with impunity.
“The May attacks on Colonial Pipeline and JBS – which is responsible for around 20% of the global meat supply – seemed to finally focus governments’ attention on the ransomware problem and there have since been multiple initiatives and actions aimed at both bolstering security domestically and at putting more risk in the risk-reward ratio,” it concluded.
“Ransom payments have been recovered, gangs have been disrupted and arrests have been made. Perhaps most significantly, Russia arrested multiple members of REvil, one of the most active operations, in January 2022 at the request of the US, possibly indicating that the country may now be less of a safe haven for cyber-criminals.”