Ransomware hit 649 organizations with critical infrastructure in 2021


The Federal Bureau of Investigation (FBI) says ransomware gangs penetrated the networks of at least 649 organizations across multiple critical infrastructure sectors in the US last year, according to the Internet Crime Complaint Center (IC3) 2021 Internet Crime Report.

However, the actual number is likely higher, as the FBI did not begin tracking reported ransomware incidents until June 2021 where the victim was an organization in the critical infrastructure sector.

The FBI also did not include attacks in its statistics if the victims did not file a complaint with the FBI’s Internet Crime Complaint Center (IC3).

“The IC3 received 649 complaints indicating that organizations belonging to a critical infrastructure sector were victims of a ransomware attack,” the FBI said. [PDF]†

“Of the 16 critical infrastructure sectors, IC3 reporting indicated that 14 sectors had at least 1 member that fell victim to a ransomware attack in 2021.”

Over the past year, the FBI has issued multiple advisories, Private Industry Notifications (PINs), and flash alerts warning of ransomware targeting critical infrastructure, including U.S. water and wastewater systems, the food and agriculture sectors, U.S. healthcare and First Responder networks. and educational institutions.

Since December, the FBI has also revealed that the Ragnar Locker ransomware has breached the networks of at least 52 critical organizations, the Cuban ransomware has compromised at least 49 U.S. critical infrastructure entities, while the BlackByte ransomware has affected at least three others.

Critical Infrastructure RansomwareImage: FBI

Top gangs behind attacks on critical US infrastructure

The top three ransomware gangs that have hacked the networks of critical infrastructure organizations, based on the number of attacks, were CONTI (with 87 victims), LockBit (with 58), and REvil/Sodinokibi (with 51).

The operators of these groups hit some sectors more than others, with CONTI most often attacking the critical manufacturing, commercial facilities, and food and agriculture sectors.

On the other hand, LockBit ransomware was more commonly used against the Government Services, Healthcare and Public Health, and Financial Services sectors.

At the same time, REvil/Sodinokibi focused primarily on the financial services, information technology, and healthcare and public health sectors.

Key Critical Infrastructure for RansomwareImage: FBI

The FBI said it does not encourage paying ransoms because victims have no guarantee that it will prevent future attacks or leaks of stolen data.

Instead, paying ransom will motivate ransomware gangs to attack even more victims and incite other cybercrime groups to join in and carry out ransomware attacks.

Victims are urged to report ransomware incidents to their local FBI field office or the IC3. This provides the researchers with crucial information to track down ransomware groups, hold them accountable and prevent other attacks.

As part of IC3’s 2021 Internet Crime Report, the FBI added that it “anticipates an increase in critical infrastructure casualties in 2022.”

“The 2021 Internet Crime Report contains information from 847,376 complaints of suspected Internet crime — a 7% increase from 2020 — and reported losses of more than $6.9 billion,” the FBI added.

“The top three cybercrimes reported by victims in 2021 were phishing, non-payment/non-delivery scams, and personal data breach.”

This post Ransomware hit 649 organizations with critical infrastructure in 2021

was original published at “https://www.bleepingcomputer.com/news/security/fbi-ransomware-hit-649-critical-infrastructure-orgs-in-2021/”