Have ransomware-type cyberattacks really decreased in 2022?

ransomware

According to various reports drawn up by analysts and journalists in the information security sector, ransomware-type attacks would be in sharp decline in 2022. A statement that we find in total disagreement. For SuspectFile, the number of victims in all sectors is instead comparable to those experienced in the previous two years, despite the sharp decrease in the number of new groups that were formed in the period January-November 2022

In 2022, the most affected sectors continue to be services, followed by industry and technology. While for Q3 2022, according to a Check Point Research report, education (+18% on an annual basis), military and government (+20% on an annual basis) and healthcare (+60% on an annual basis) are the three sectors with the strongest increase in the number of victims affected.

But the healthcare sector is the one most affected by ransomware attacks between January and September 2022. In a report drawn up by Red Sense we can get the general picture of the situation worldwide, where cybercrime has struck across the board, with at least 20 ransomware groups different, both U.S. that Europe is with 4 cyber gangs capable of sharing the largest number of affected victims, in order LockBit, Hive, 54BB47H and Vice Society.

At the level of cyber attacks that affected the entire healthcare sector (health plans, corporate associates, healthcare providers) between January-November 2022 in the U.S. we can count 556 entities that have reported to the US Department of Health and Human Services (HHS) unauthorized access within their networks or at least one hacking incident. We are not able to have a certain number of cases actually related to ransomware-type cyberattacks, but it is also true that recently victims rarely report having suffered data loss due to this type of cybercrime.

In fact, within the data breach notification letters sent to their patients, very often the word “ransomware” has been replaced with a more generic word (we can imagine the reason), where the word leaves room for any interpretation: “incident”

“… network security incident that may affect the privacy of some of your protected health information”
“…an incident that may affect the privacy of some of your personal information”
“… notify you of an incident that may have involved some of your personal information”
“…a recent data security incident that may have involved some of your personal information”
“… We are writing to inform you of an incident that involved your personal information”

Another aspect to consider is that relating to cyber attacks of which we are unaware. We know for a fact that hundreds of victims have never reported to the police force that they have suffered a cybercrime. There can be many reasons, but two are certainly relevant and mainly concern victims with a medium-high tagert

the hope of remaining anonymous after the ransom is paid
the fear of legal disputes related to data loss

and we must not forget all those victims affected by minor ransomware groups who do not have sufficient visibility or who, in some cases, prefer to remain anonymous.

Through the survey published by HornetSecurity it is possible to better understand what are, at present, the concrete problems associated with the security of corporate computer networks.

1 in 4 (23.9%) IT professionals say their organization has been the victim of a ransomware attack.
21% of these attacks occurred in the last 12 months.
Organizations targeted by ransomware attacks lost data (14.1%) or had to pay ransom to recover data (6.6%)
Nearly 6 out of 10 ransomware attacks (58.6%) originated from malicious emails or phishing attacks.

One of the factors that certainly influenced the increase in the number of ransomware-type attacks in 2022 is the adoption of cloud platforms by many companies. The orientation towards applications such as Microsoft 365 or Google Workspace has generated the belief in companies that these resources could reduce the incidence of cyber attacks, nothing could be more wrong.

The main causes of cyber attacks are, as always, the lack of investment by companies and the lack of training and information given to IT operators.