FBI: Ransomware hit 649 critical infrastructure orgs in 2021

The Federal Bureau of Investigation (FBI) says ransomware gangs have breached the networks of at least 649 organizations from multiple US critical infrastructure sectors last year, according to the Internet Crime Complaint Center (IC3) 2021 Internet Crime Report.

However, the actual number is likely higher given that the FBI only started tracking reported ransomware incidents in which the victim a critical infrastructure sector organization in June 2021.

Also, the FBI did not include attacks in its statistics if the victims did not file a complaint with the FBI’s Internet Crime Complaint Center (IC3).

“The IC3 received 649 complaints that indicated organizations belonging to a critical infrastructure sector were victims of a ransomware attack,” the FBI said [PDF].

“Of the 16 critical infrastructure sectors, IC3 reporting indicated 14 sectors had at least 1 member that fell victim to a ransomware attack in 2021.”

Throughout last year, the FBI issued multiple advisories, Private Industry Notifications (PINs), and flash alerts warning of ransomware targeting critical infrastructure, including U.S. Water and Wastewater Systems, the Food and Agriculture sector, U.S. Healthcare and First Responder networks, and education institutions.

Since December, the FBI also revealed that the Ragnar Locker ransomware gang breached the networks of at least 52 critical orgs, Cuba ransomware compromised at least 49 U.S. critical infrastructure entities, while the BlackByte ransomware gang hit at least three others.

Top gangs behind attacks against U.S. critical infrastructure

The top three ransomware gangs that breached critical infrastructure orgs’ networks, based on the number of attacks, were CONTI (with 87 victims), LockBit (with 58), and REvil/Sodinokibi (with 51).

These groups’ operators hit some sectors more than others, with CONTI most frequently attacking the Critical Manufacturing, Commercial Facilities, and Food and Agriculture sectors.

On the other hand, LockBit ransomware was more often used against Government Facilities, Healthcare and Public Health, and Financial Services sectors. 

At the same time, REvil/Sodinokibi mainly targeted Financial Services, Information Technology, and Healthcare and Public Health sectors.

The FBI said it doesn’t encourage paying ransoms since victims have no guarantee that this will prevent future attacks or leaks of stolen data.

Instead, paying ransoms will further motivate the ransomware gangs to target even more victims and incentivize other cybercrime groups to join in and launch ransomware attacks.

Victims are urged to report ransomware incidents to their local FBI field office or the IC3. This will provide the investigators with critical info to track ransomware groups, hold them accountable, and prevent other attacks.

As part of IC3’s 2021 Internet Crime Report, the FBI added that it “anticipates an increase in critical infrastructure victimization in 2022.”

“The 2021 Internet Crime Report includes information from 847,376 complaints of suspected internet crime—a 7% increase from 2020—and reported losses exceeding $6.9 billion,” the FBI added.

“The top three cyber crimes reported by victims in 2021 were phishing scams, non-payment/non-delivery scams, and personal data breach.”

Source: https://www.bleepingcomputer.com/news/security/fbi-ransomware-hit-649-critical-infrastructure-orgs-in-2021/