Cyber criminals back on the front foot after modest 2022
2023 proved a milestone year for ransomware. Not only did cyber criminals collectively pocket a record $1.1 billion from victims, but a new report suggests the scale and complexity of these attacks are increasing.
Ransom payments nearly doubled last year compared with $567 million in 2022. Attackers have intensified their activities, increasingly targeting large institutions, hospitals, schools and government agencies, according to a report by Chainalysis.
According to cyber security company Emsisoft, 46 hospital systems in the United States alone were hit by ransomware in 2023. This is up from 25 in 2022 and 27 in 2021. Schools are also increasingly becoming victims of ransomware.
Cybersecurity firm Recorded Future reported no fewer than 538 new ransomware variants in 2023.
However, these estimates are likely conservative. The attack on Las Vegas entertainment company MGM alone cost the company more than $100 million in lost revenue, including $10 million in cleanup costs. The company did not pay a ransom.
So why was 2023 such a banner years, especially in comparison to 2022? Analst house Chainalysis attributes the decline in activity largely to the Russian-Ukrainian conflict where hackers shifted their focus from financial gain to politically motivated cyber attacks aimed at espionage and destruction. With many ransomware attackers based in Eastern Europe it’s likely many were called up for military service.