Ransomware attacks target these 5 sectors most

Cyberthreats are constantly evolving, but ransomware attacks have persisted as one of the most pervasive and destructive varieties. In fact, according to Statista, the share of organizations worldwide affected by ransomware attacks has increased year over year since 2018, reaching 72.7% in 2023.

During a ransomware attack, cybercriminals use phishing or other methods to remotely install malicious software that encrypts data or disables systems. The ransomware operator then demands payment in exchange for decrypting the data or restoring access. These incidents are often accompanied by double extortion tactics, where the cybercriminal also threatens to expose, sell, or delete the stolen data.

However, there is no guarantee attackers will do what they promise if they get paid. Additionally, the United Nations Office on Drugs and Crime advises against paying a ransom. Whether or not a ransom is paid, a ransomware attack can be very costly, comprising response and restoration services—and it is only getting costlier.

It costs companies $1.82 million on average to recover from a ransomware attack, according to Sophos' 2023 State of Ransomware survey. Industries handling large amounts of sensitive data, or providing critical services, often emerge as primary targets for cybercriminals considering the stakes involved. In fact, of the 2,385 ransomware complaints the FBI's Internet Crime Complaint Center received in 2022, 870 were among business sectors characterized by the government as critical infrastructure—affecting 14 of the 16 critical sectors.

Drata used FBI data to identify the five critical infrastructure sectors that faced the most ransomware attacks in 2022. In its report, the FBI acknowledges that not all ransomware attacks have been reported to its IC3 system.

#5. Financial services

- Ransomware attacks, 2022: 88

Financial institutions, including banks, are prime targets for ransomware attacks due to the financial assets at stake, vast amount of personal data stored, and frequency of digital transactions. A ransomware attack on a financial service can disrupt day-to-day operations, like transactions, and expose sensitive customer information via data breaches.

In August 2021, Korean American banking service Pacific City Bank experienced one such attack when ransomware extortion group AvosLocker accessed and encrypted sensitive client data, including Social Security numbers and tax documents. In response to reevaluating security protocols, the bank compensated clients with free credit-monitoring services for a year and an identity theft protection service.

#4. Information technology

- Ransomware attacks, 2022: 107

The effects of ransomware attacks on information technology systems can go far beyond the initial site of the attack. This is because ransomware can spread via shared storage drives and other devices on the same network.

One example occurred in July 2021, when the REvil group exploited a vulnerability in a Kaseya IT management software used by thousands of companies, many of which were managed service providers, or MSPs. This caused the attack to affect over 1,500 companies that used the initially affected clients as their MSP. While the attack disrupted services and costs associated with restoring affected systems, it also highlighted the need for further advances in cybersecurity defense.

#3. Government facilities

- Ransomware attacks, 2022: 115

Government facilities are attractive targets for ransomware attacks, as they tend to store large amounts of sensitive personal data and run on outdated systems vulnerable to attacks—but the effects of attacks go well beyond the risk of data loss. Recent examples have even involved the shutdown of the East Coast's primary fuel pipeline in the 2021 Colonial Pipeline attack. Baltimore also experienced this on a large scale in May 2019, when attackers used Robbinhood ransomware to encrypt city government systems. This disrupted services, including email and payment transactions, and resulted in restoration costs above $18 million.

#2. Critical manufacturing

- Ransomware attacks, 2022: 157

Ransomware attacks on manufacturing plants can disrupt production lines and operations, leading to downtime and profit loss. According to a Comparitech report, ransomware attacks in the manufacturing industry have resulted in a $46 billion loss to the world economy over the past five years.

One such incident affected Norsk Hydro, one of the world's largest aluminum producers, in March 2019. The attack began when an employee opened an email infected with LockerGoga, triggering the encryption of 3,000 devices across the company. Norsk Hydro was widely commended for its response, which included resorting to manual operations and refusing to pay the ransom—opting to incur $70 million in associated losses instead.

#1. Health care and public health

- Ransomware attacks, 2022: 210

Ransomware attacks on health care systems can compromise patient data and disrupt critical services, sometimes with fatal consequences. In 2019, Alabama hospital Springhill Medical Center lost access to fetal-heartbeat-monitoring devices due to a ransomware attack, allegedly resulting in a newborn's death.

A year later, in September 2020, the University Hospital of Düsseldorf in Germany was attacked by DoppelPaymer, resulting in the inability to admit new patients. This allegedly resulted in a woman's death because the hospital could not provide timely treatment. In fact, recent research by the University of Minnesota suggests ransomware attacks on hospitals may increase the risk of patient deaths by 20% to 35%.

Story editing by Ashleigh Graf. Copy editing by Paris Close. Photo selection by Ania Antecka.

This story originally appeared on Drata and was produced and distributed in partnership with Stacker Studio.