Ransomware Attacks Stabilizing As Organizations Implement Improved Security Controls

Data from a new survey suggest that ransomware attacks on healthcare organizations have declined compared with 2021. According to Emsisoft, the number of attacks reported across all industry sectors appears to be leveling off or decreasing. This follows a record high in 2021, a year in which attacks on healthcare organizations were particularly prominent. Exact counts of ransomware attacks are difficult to obtain, since many incidents are never publicly reported, but the available data point to a downward trend.

The survey was conducted by Censuswide on behalf of Delinea and included 300 IT decision-makers from a variety of industries. Between 2021 and 2022, the share of surveyed US organizations reporting a ransomware attack fell from 64% to 25%, a roughly 60% decrease. Recent reports indicate that the Hive ransomware group has been targeting smaller medical practices that provide telehealth services; in general, however, larger organizations still appear to be the preferred victims of ransomware gangs. The Delinea survey found that 56% of the organizations hit by a ransomware attack in the past year had 100 or more employees.

In 2021, the Conti ransomware operation was one of the most prolific ransomware groups, but it abruptly disbanded in 2022. According to GuidePoint Security, attacks attributed to Conti and LockBit fell by 53%, yet attacks overall dropped by only 7%. Delinea suggests three contributing factors for the overall decline: the closure of this major operation, improved security controls at potential victims, and the shift of some ransomware gangs to extortion-only operations, in which data is stolen and the attackers threaten to publish it unless a ransom is paid, with no encryption involved. Because extortion-only attacks may not be classified as ransomware incidents at all, some of the apparent decline may simply be a change in what gets counted, which would explain why the overall drop was smaller than expected. Messages from the Hive ransomware gang intercepted in 2022 suggested that many of its victims were unwilling to pay the demanded ransoms. The Delinea surveys support this: 68% of organizations reported paying a ransom in 2022, down from 82% in 2021. The research also documented the damage caused by a successful attack: 56% of respondents reported a loss of revenue, 50% lost customers, and 43% suffered reputational damage, down from 51% in 2021.

Attitudes toward ransomware attacks also appear to have shifted. In 2021, 88% of surveyed firms said they would refuse to pay a ransom if attacked, but that figure has now dropped to 63%. The reduction in ransomware incidents may explain some of this complacency, but it is worrying that the share of companies allocating budget to protect against these attacks fell from 93% to 68%. Furthermore, only about half of the polled companies have implemented basic controls that mitigate ransomware, such as strong password policies (51%) or two-factor authentication (50%). In addition, the percentage of companies with an incident response plan in place for a ransomware attack declined from 94% to 71%.