FBI: Critical Infrastructure Suffers Spike In Ransomware Attacks

Digital crimes potentially cost victims more than $12.5 billion last year, according to the FBI's latest Internet Crime Complaint Center (IC3) annual report. 

The Feds recorded 880,418 complaints in 2023, which represents almost a 10 percent increase in reports of crime versus a year earlier. The potential monetary loss, however, marks a 22 percent jump from 2022's figures.

Of course, these are only the crimes that victims report to the FBI — so the actual count, and money drained from victims, is likely much higher. According to Uncle Sam's own figures only about 15 percent of fraud victims actually report the crime.

The 2023 numbers [PDF] include 2,825 ransomware infections, accounting for reported losses exceeding $59.6 million. Perhaps unsurprisingly, both ransomware complaints and the money lost to extortionists increased year over year, with the number of network intrusions rising 18 percent and losses growing by 74 percent.

"Cybercriminals continue to adjust their tactics, and the FBI has observed emerging ransomware trends, such as the deployment of multiple ransomware variants against the same victim and the use of data-destruction tactics to increase pressure on victims to negotiate," according to the IC3 report.

Crooks had no qualms about infecting critical infrastructure organizations with ransomware. Of the 16 sectors that fall into this category, healthcare and public health were the hardest hit (249), followed by critical manufacturing (218) and government facilities (156). The US counts 16 industries as critical infrastructure, and 14 of these had at least one member report a ransomware attack to the IC3.

The IC3 received 1,193 complaints from organizations belonging to a critical infrastructure sector that were affected by a ransomware attack, up 37 percent from 870 in 2022. Of the 16 critical infrastructure sectors, IC3 reporting indicated 14 sectors had at least one member that fell to a ransomware intrusion in 2023. 

The five top ransomware variants infecting critical orgs, as reported to the IC3, were LockBit, ALPHV/Blackcat, Akira, Royal, and Black Basta.

We can hope that at least two of these crews, LockBit and ALPHV/BlackCat, will see declining attacks and illicit revenue as 2024 continues, following last month's swaggering takedown and trolling of at least some of LockBit's infrastructure by an international law enforcement operation. 

However, this isn't a guarantee that the criminals will scatter to the wind. 

• Uncle Sam intervenes as Change Healthcare ransomware fiasco creates mayhem
• Fidelity customers' financial info feared stolen in suspected ransomware attack
• Ransomware ban backers insist thugs must be cut off from payday
• Cybercrims: When we hit IT, they sometimes pay, but when we hit OT... jackpot

In December, a similar takedown effort seized ALPHV/BlackCat's infrastructure, and that didn't stop the miscreants from infecting more critical infrastructure victims.

Most recently, ALPHV claimed to hit mega health IT services company Change Healthcare in late February, crippling tens of thousands of pharmacies and hospitals across the US.

While that gang has seemingly disappeared after possibly receiving a $22 million ransom payment and then pulling off a half-rate exit scam, only time will tell if they come back from the dead and continue terrorizing medical organizations and other critical facilities.

While ransomware attacks garnered the most attention last year, investment scams cost victims the most in losses during 2023. Criminals pocketed at least $4.57 billion from investment fraud last year, compared to $3.31 billion in 2022, a 38 percent increase.

Within this category, investment fraud related to cryptocurrency scams increased 53 percent, to $3.94 billion in 2023.

And, as always, business email compromise (BEC) continued to prove lucrative to cybercriminals. In 2023, the IC3 received 21,489 BEC complaints with adjusted losses totaling more than $2.9 billion. ®