2024 Trends And High-Profile Attacks


Ransomware continues to dominate headlines as one of the most pervasive threats to businesses across the globe. Ransomware attacks have grown in complexity and audacity, targeting various industries and causing substantial financial, operational and reputational damage. The numbers are staggering: the Federal Bureau of Investigation’s Assistant Director of Cyber Bryan Vorndran describes ransomware as the agency’s “most high-profile cybercriminal threat,” with over 2,800 incidents reported in 2023. However, the full scale of the problem is likely much more extensive, as the FBI’s infiltration of the Hive ransomware group revealed that only 20% of the group’s victims reported their cases to law enforcement.

Ransomware’s Expanding Reach

Ransomware attacks are no longer limited to encrypting data for ransom. Criminals have embraced “dual extortion,” where they steal sensitive information in addition to locking systems. Victims face not only the loss of access to their data but also the threat of their most confidential information being sold on the dark web or publicly exposed.

In its 2024 Ransomware Risk Report, software security company Semperis underscored the ubiquity of the threat – of 900 IT and security leader survey respondents, 83% reported being targeted in the past year. Alarmingly, 74% of those targeted faced multiple attacks within the same 12 months. Despite these statistics, only 30% of businesses plan to increase their cybersecurity budgets, suggesting a troubling gap between awareness and action.

The healthcare sector has been particularly vulnerable, with bad actors exploiting the critical nature of its operations. “Ransomware actors are the lowest of the low, prioritizing attacks on organizations where downtime cannot be tolerated – such as hospitals and emergency services – and wreaking havoc on public safety,” Vorndran told Forbes, citing vital necessities such as medical care, water, and power. In 2023, the healthcare and public health sector experienced the greatest number of attacks among the Cybersecurity and Infrastructure Security Agency’s 16 critical infrastructure sectors.

High-Profile Ransomware Attacks

Recent major ransomware incidents underscore the widespread and multifaceted nature of the threat:

  • Ascension Health: One of the largest healthcare systems in the United States fell victim to a ransomware attack this May that disrupted services and compromised patient care. The breach exposed sensitive medical data and raised questions about the industry’s preparedness.
  • Los Angeles Unified School District (LAUSD): The second-largest school district in the country suffered a ransomware attack in 2022 that caused massive operational disruption. Sensitive student records were stolen, and the attackers leveraged the threat of exposure to demand ransom.
  • Frontier Communications: This telecommunications giant faced an attack in April that compromised internal systems, disrupted service delivery and exposed the personal data of 751,000 customers.

Ransomware’s Economic Toll

The financial impact of ransomware is immense. According to the Semperis report, ransomware exposure costs U.S. businesses an estimated $124.2 billion annually. Yet, monetary costs are only part of the equation. The report highlights that even paying the ransom doesn’t guarantee recovery; 35% of victims reported receiving either unusable decryption keys or none at all.

“Paying ransom is not doing anyone any good,” Semperis CEO Mickey Bresman told Forbes. “The cost of what you pay to a ransomware group is not where the damage will end. And certain attacks aren’t money-driven; rather they aim to cause chaos and disruption.”

Ransom payments and the loss or exposure of sensitive information are not the only costs. The Semperis report found that companies hit by ransomware experienced brand damage, lawsuits, regulatory fines, temporary or even permanent closures and more. Furthermore, it found that ransom payments did not guarantee that decryption keys would be sent – or even work if they were – and that “many attacks also insert malware or backdoors to future attacks.”

“This is not a one-time or time-limited event that you can quickly address and then move on from,” notes Chris Inglis, who previously served as U.S. National Cyber Director and as Deputy Director of the National Security Agency. “This is a life-changing event that has enduring, lingering effects. Loss of customer trust, loss of cyber insurance, regulatory prosecution – that scrutiny never goes away.”

Ransomware Resilience

Yet ransomware exposure may be declining. John Frazzini is president and CEO of X-Analytics and a former U.S. Secret Service Agent specializing in international cybercrime. He told Forbes that his company’s analysis showed a 20% decline in ransomware exposure since March 2024, measured as a percentage of annual revenue. Cyber insurers increasingly refuse to pay extortion demands, pushing companies to focus on mitigation and recovery strategies. “The trend is for insurers not to pay extortion payments, and this shift is partly responsible for the decline in ransomware exposure this year,” Frazzini said.

MGM Resorts is one example of corporate resilience in the face of ransomware. “MGM was able to build resilience, manage the financial exposure and get back in business without paying the ransom demand,” Frazzini noted to Forbes. Costs and expenses were publicly disclosed at $110 million, with most of that expected to be covered by insurance. “It was managed exceptionally well,” Frazzini said. “MGM is a tremendous ransomware success story.”

Ransomware is a strategic risk that affects all aspects of an organization and all industries. From financial losses to operational paralysis and reputational harm, the stakes are high. As Vorndran put it, “The threat is real, persistent, and absolutely crippling to victims.” Addressing this threat requires a comprehensive approach that includes technical defenses, organizational readiness and strategic foresight.
