According to the “The State of Ransomware in the US: Report and Statistics 2022” report published by Emsisoft, the number of ransomware attacks against government, education and healthcare sector organizations is quite similar to the number of attacks in previous years.
The report aggregates data from disclosure statements, press reports, Tor leak sites, and third-party information feeds. Experts pointed out that some incidents will have escaped their attention and so the figures reported in the study could be just the tip of the iceberg.
It is important to note that figures reported in the study were dramatically affected by a single incident in Miller County, AK, where an infection of a mainframe caused the compromise of endpoints in 55 different counties.
Below are the attacks reported by Emsisoft:
“When it comes to cybersecurity incidents, it has always been hard to get accurate statistical information.” reads the report published by Emsisoft. “What data is available is based largely on publicly available reports, but not all incidents are made public, even in the public sector and, consequently, the true number of incidents in all sectors of the economy is and has always been higher than reported.”
The ransomware attack against local governments resulted in data theft in at least 27 of the 105 incidents (26 percent). The only local government known to have paid a ransom in 2022 was Quincy, MA., which paid a $500,000 ransom.
In 2022, 89 education sector organizations were impacted by ransomware, while in 2021 the number of impacted organizations in the same industry was 88.
In at least 58 incidents (65 percent) the experts reported data breaches.
The most severe incident in 2022 was suffered by the Los Angeles Unified School District, which is the second-largest district in the U.S.
The report also states that 25 ransomware attacks involved hospitals and multi-hospital health systems, potentially impacting patient care at up to 290 hospitals.
The most significant incident of 2022 was the attack suffered by CommonSpirit Health, which resulted in the exposure of the personal data of 623,774 patients.
In at least 17 incidents (68 percent), threat actors exfiltrated data including Protected Health Information (PHI).
“Early ransomware attacks were simple and mostly automated. However, today’s attacks are often complex, human-directed events in which data is exfiltrated and encryption, if it happens at all, is the very last step in the attack chain.” concludes the report. “A better way of thinking about incidents is simply “data extortion events.” “Encryption-based data extortion” and “exfiltration-based data extortion,” which are not mutually exclusive, are subcategories to that.”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, malware)
[adrotate banner=”5″]
[adrotate banner=”13″]