Content, Content, Ransomware

Ransomware Research: More than 200 U.S. Infrastructure Organizations Attacked in 2022

The number of ransomware attacks on infrastructure belonging to government, education and healthcare organizations in 2022 mirrors what occurred in prior years, security provider Emsisoft said in its State of Ransomware in the U.S. report for the year just ended.

200 Ransomware Attacks Reported

Based on available data, more than 200 large organizations in the U.S. suffered a ransomware attack last year, including:

  • 105 local governments
  • 44 universities and colleges
  • 45 school districts operating 1,981 schools
  • 25 healthcare providers operating 290 hospitals

Counting the number of ransomware strikes overall isn’t an exact science, Emsisoft said. What data is available is based largely on publicly available reports, but not all incidents are made public, even in the public sector.

Emsisoft’s report aggregates data from disclosure statements, press reports, the dark web and third-party information feeds. Because some incidents will have been uncounted, the numbers should be considered to be minimums, the company said.

Emsisoft also noted that attacks on private sector companies that may have disrupted operations in the infrastructure segments counted are not included in the report, including those that hit service and solution providers such as managed security service providers. It is an indication that more organizations will have been disrupted by ransomware than indicated by the numbers the report.

Hackers in the incidents Emsisoft counted stole money and/or data in about half of these cases, not including a mainframe malware attack in Arkansas that spread to 55 counties in the state and radically skewed the data.

When separated from each other, government, education and healthcare organizations show varying findings. For example, in 2022, 105 state or municipal governments or agencies were affected by ransomware, a 36% spike from 2021. Data was stolen in at least 27 of the 105 incidents (26%). However, if the Arkansas episode is disregarded that increases to 54 percent. In 2021, data was stolen in 36 of 77 incidents (47%).

In total, 89 education sector organizations were impacted by ransomware, which is one more than the prior year. However, the impacted districts in 2021 had 1,043 schools between them but, in 2022, this almost doubled to 1,981 schools. Data was exfiltrated in at least 58 incidents (65%) compared to in 44 incidents the previous year (50%).

In the healthcare segment, Emsisoft only tracked hospitals, of which 290 were affected in 2022. Data including protected health information (PHI) was exfiltrated in at least 17 cases (68%).

Ransomware Attacks Consistent

Dig a little deeper and the number of ransomware attacks have remained relatively consistent over the last four years, according to Emsisoft.

State and local governments, with 2021 an apparent anomaly:
2019: 113
2020: 113
2021: 77
2022: 105

The number of incidents involving the education sector has also remained consistent:
2019: 89
2020: 84
2021: 88
2022: 89

While on the surface the figures may seem like a win in that ransomware attacks aren’t increasing in number in those segments. But with the volume of anti-ransomware activity worldwide, it’s concerning that the incidents haven't dropped, Emsisoft said.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.