Ransomware theft in 2023 ‘as bad as it has ever been’: Report

The scourge of ransomware in the U.S. is “as bad as it has ever been,” with 2,207 governments, hospitals, and schools victimized by hackers in 2023, according to a new survey by the cybersecurity company Emsisoft.

Ransomware attacks have faded from national headlines since 2021 when cybercriminals linked to Russia hit Colonial Pipeline, causing chaos for the major U.S. fuel supplier to the East Coast. President Biden mobilized federal cyber officials in response and warned the Kremlin, but the onslaught of digital attacks from hackers around the world has barely let up in efforts to hammer American networks.

Emsisoft’s “State of Ransomware in the U.S.” report, published Tuesday, said ransomware attacks will lead to more serious consequences, and even fatalities, unless the wave of attacks is addressed aggressively. Ransomware — malicious software that holds data hostage until victims pay up — is estimated to have already caused deaths via such things as delayed access to medical care. 

“Governments have formed task forces, international coalitions, and pledged at the federal level not to pay ransoms, while law enforcement has disrupted operations across the ransomware ecosystem, dismantled botnets, seized crypto assets, and made arrests,” the Emsisoft report said. “But despite all of this, ransomware stubbornly remains as much of a problem as ever.”

Some 108 U.S. K-12 school districts were targeted by ransomware hackers in 2023, more than in the previous two years combined, according to Emsisoft’s data. Some 46 hospital systems, including 141 hospitals, were victimized last year, up from 25 systems in 2022. 

Emsisoft said compiling data on ransomware is complicated because only a minority of incidents are disclosed and organizations may use confusing language to hide the financial damage and negative publicity. Emsisoft’s report said its numbers almost certainly understated the extent of the ransomware problem.

Emsisoft threat analyst Brett Callow told The Washington Times that it is difficult to determine precise ransomware trends and the level of attacks in the U.S. compared to other nations, making it hard to know whether counter-ransomware strategies are working. 

“As far as we can tell, global numbers are holding fairly steady,” Mr. Callow said of ransomware incidents.

Among the major U.S. ransomware incidents in 2023 were attacks on the U.S. Marshals Service and city government operations in Dallas and Oakland. According to Emsisoft, data stolen in the attack on the U.S. Marshals included sensitive data on investigations and employees, data later discovered for sale on a Russian-language cybercrime forum. 

Hackers’ appetites for launching cyberattacks have grown as the ransoms paid have swelled. Emsisoft said ransom payments soared to an average of $1.5 million in 2023, up from just $5,000 in 2018.

To combat the flood of ransomware, Emsisoft wants to eliminate the profit incentive for attackers and is advocating governments ban victims from paying up. 

“Current counter-ransomware strategies amount to little more than building speed bumps and whacking moles,” Mr. Callow said in the report. “The reality is that we’re not going to defend our way out of this situation, and we’re not going to police our way out of it either.”

“We believe that the only solution to the ransomware crisis — which is as bad as it has ever been — is to completely ban the payment of ransoms,” the report’s authors concluded.

Such bans may be unpopular with some federal cyber officials who fear punitive actions directed at victims will deter information sharing between the private sector and the government.

Emsisoft said urgent action is necessary against ransomware as more dangerous cyberattacks are likely to occur.

“It should be noted that the tactics used by threat actors have become more extreme and, because of the amount of money now on the line, will likely become even more extreme,” the report said.