Ransomware attacks are becoming more frequent, more sophisticated and more costly, according to the FBI’s 2023 Internet Crime Report. The recent FBI report shows some alarming statistics about the expensive impacts of ransomware last year.
A Steep Rise in Attacks and Losses
The FBI’s 2023 Internet Crime Report says ransomware incidents increased by 18% from 2022 to 2023, with over 2,825 complaints received. The official reported losses from ransomware attacks also jumped a staggering 74%, from $34.3 million in 2022 to $59.6 million in 2023. Putting this in perspective, the FBI’s Internet Crime Complaint Center received an average of 2,412 ransomware complaints daily in 2023, with over 758,000 complaints per year on average over the last 5 years. Since its inception, the IC3 has recorded over 8 million total cyber crime complaints.
New Disturbing Ransomware Trends
The report highlights some emerging and deeply concerning trends in ransomware. Cyber criminals are now deploying multiple different ransomware variants against single victims to make attacks more potent. They are also using “data-destruction tactics” to create more urgency and pressure victims to pay up.
Critical Infrastructure Targeted
Per the FBI report, ransomware groups persistently targeted critical infrastructure organizations in 2023. The Internet Crime Complaint Center received 1,193 ransomware attack complaints from critical infrastructure entities like hospitals, utilities, and financial services. The most prevalent strains were LockBit, ALPHV/BlackCat, Akira, Royal, and Black Basta.
The Healthcare Sector Suffers
Healthcare and public health took the hardest hit, with 249 incidents reported. One serious case involved Ardent Health Services, where a November ransomware attack forced hospitals across three states to divert emergency patients. Tragically, this attack is estimated to have indirectly caused between 42-67 patient deaths due to inaccessible medical data.
The Threat of Intermittent Encryption
Top ransomware attacks are now relying on “intermittent encryption” which allows them to quietly corrupt data by encrypting just the first few kilobytes of files. The report says this method “minimizes entropy changes and evades detection” by avoiding major file changes that could trigger security alerts.
Moving Forward With Resilience
While prevention is crucial, the report makes clear that comprehensive ransomware readiness is needed. The FBI states “paying ransom may embolden adversaries” so the focus must be on prevention plus rapid recovery capabilities to restore data without paying cyber criminals.
The 2023 crime statistics reveal the escalating ransomware threat facing organizations across sectors. With average daily complaints exceeding 2,400 and over 758,000 yearly complaints, the FBI report suggests entities must prioritize prevention alongside efficient data recover-ability to stay resilient against even the wiliest cyber criminal tactics.
