
Ransomware attacks are hitting critical infrastructure more often, FBI says

Dive Brief:

  • More than 2 in 5 ransomware attacks reported to the FBI in 2023 targeted organizations in a critical infrastructure sector, the agency said Thursday in its annual Internet Crime Report.
  • Of the 2,825 ransomware attacks reported to the FBI last year, 1,193 hit critical infrastructure organizations. The proportion of ransomware attacks hitting critical infrastructure grew from one-third of attacks reported to the FBI in 2022.
  • Losses reported from ransomware attacks jumped 74% to almost $60 million last year. Ransomware attacks were also up 18% from the previous year.

Dive Insight:

Examples of the operational impacts caused by ransomware attacks against critical infrastructure are abundant, as seen with the ongoing recovery efforts at Change Healthcare. The IT platform, which is widely used and intertwined throughout the healthcare sector, remains largely non-operational almost three weeks after AlphV broke into the company’s IT systems.

But businesses hit by ransomware attacks aren’t doing enough to report incidents to the FBI.

“As impressive as these figures appear, we know they are conservative regarding cybercrime in 2023,” the agency said in the report. “Consider that when the FBI recently infiltrated the Hive ransomware group’s infrastructure, we found that only about 20% of Hive’s victims reported to law enforcement. More reporting from victims would mean superior insight for the FBI.”

While some critical infrastructure sectors such as healthcare and manufacturing are extensively targeted by ransomware operators, every industry has been hit, according to the FBI. “Of the 16 critical infrastructure sectors, Internet Crime Complaint Center reporting indicated 14 sectors had at least 1 member that fell to a ransomware attack in 2023,” the report said.

[Chart: Health sector remains hardest hit critical infrastructure sector. Number of ransomware attacks in 2023, by sector.]