Cyberthreats are constantly evolving, but ransomware attacks have persisted as one of the most pervasive and destructive varieties. In fact, according to Statista, the share of organizations worldwide affected by ransomware attacks has increased year over year since 2018, reaching 72.7% in 2023.
During a ransomware attack, cybercriminals use phishing or other methods to remotely install malicious software that encrypts data or disables systems. The ransomware operator then demands payment in exchange for decrypting the data or restoring access. These incidents are often accompanied by double extortion tactics, where the cybercriminal also threatens to expose, sell, or delete the stolen data.
However, there is no guarantee attackers will do what they promise if they get paid. Additionally, the United Nations Office on Drugs and Crime advises against paying a ransom. Whether or not a ransom is paid, a ransomware attack can be very costly, with expenses including response and restoration services—and it is only getting costlier.
It costs companies $1.82 million on average to recover from a ransomware attack, according to Sophos’ 2023 State of Ransomware survey. Given the stakes involved, industries that handle large amounts of sensitive data or provide critical services often emerge as primary targets for cybercriminals. In fact, of the 2,385 ransomware complaints the FBI’s Internet Crime Complaint Center received in 2022, 870 came from business sectors the government characterizes as critical infrastructure—affecting 14 of the 16 critical sectors.
Drata used FBI data to identify the five critical infrastructure sectors that faced the most ransomware attacks in 2022. In its report, the FBI acknowledges that not all ransomware attacks have been reported to its IC3 system.