The healthcare sector emerged as the most heavily targeted industry by ransomware attacks among critical infrastructure sectors throughout the previous year, according to data analyzed in the Federal Bureau of Investigation’s 2023 Internet Crime Report. This annual report serves as a comprehensive examination of prevailing cybercrime trends, drawing insights from complaints filed with the FBI’s Internet Crime Complaint Center (IC3). In 2023, IC3 recorded an unprecedented 880,418 complaints, marking a 10 percent increase compared to the preceding year. The financial toll of these cyber incidents skyrocketed, with total losses exceeding $12.5 billion, representing 22 percent increase in losses endured relative to the prior reporting period.
IC3 documented a total of 1,193 complaints amongst all critical infrastructure in 2023. These complaints were diverse, affecting 14 out of the 16 recognized critical infrastructure sectors. Among these, the healthcare sector emerged as one of the most severely impacted segments, registering a remarkable 249 complaints. Following closely behind was critical manufacturing, which accounted for 218 logged complaints. However, while these figures provide insights into the scale of the challenge, it is important to acknowledge that the true extent of ransomware attacks may be underestimated due to underreporting inherent to cybersecurity. The prevalence of ransomware attacks highlights the evolving threats organizations face today, particularly within the healthcare sector. Two prominent ransomware variants, LockBit and ALPHV/BlackCat, emerged as primary perpetrators in 2023. LockBit alone was associated with 175 critical infrastructure ransomware attacks reported to IC3, while ALPHV/BlackCat trailed closely behind with 100 documented attacks. This alarming trend highlights the agility and sophistication of cyber adversaries, who continuously refine their tactics to exploit vulnerabilities within critical infrastructure systems and evade detection by cybersecurity measures.
The financial losses as a result of this increase in ransomware attacks have been severe. Ransomware-related complaints increased to over 2,800 in 2023, marking an 18 percent escalation from the preceding year. Reported losses stemming from ransomware attacks soared by a staggering 74 percent, growing from $34.3 million to $59.6 million. Addressing the escalating ransomware threat has become an urgent priority, particularly as cybercriminals continually evolve their tactics. These adversaries now employ a variety of ransomware variants and data destruction techniques, intensifying pressure on their victims.
In response to the escalating ransomware threat, the FBI has increased efforts to combat cybercriminal networks and mitigate the fallout from financial fraud schemes. The establishment of the FBI’s Recovery Asset Team (RAT) in 2018 has been instrumental in streamlining efforts to freeze funds associated with cybercrime. In 2023 alone, the RAT initiated the Financial Fraud Kill Chain (FFKC) on over 3,000 incidents, resulting in the preservation of millions of dollars from financial fraud schemes. However, amidst these proactive measures, the FBI highlights the role of public engagement in reporting cyber incidents, emphasizing that collective vigilance and collaboration are necessary for safeguarding against evolving cyber threats.
