The FBI has identified the top three ransomware strains responsible for most attacks against vital infrastructure in the United States.
According to the FBI’s newest Internet Crime Report, the most active ransomware strains in 2021 were Conti, Lockbit, and REvil/Sodinokibi.
Conti targeted 87 critical infrastructure companies, according to the Internet Crime Complaint Center (IC3), while Lockbit and REvil/Sodinokibi targeted 58 and 51 victims, respectively.
The three share a common bond: Russia. After the Kremlin invaded Ukraine last month, Conti sided with Moscow. Internal emails have been leaked, indicating that the organization supported Russia’s secret services in surveillance attempts.
Meanwhile, REvil’s associates in Russia lived an opulent lifestyle before being apprehended by Russian authorities.
LockBit has avoided taking sides with any country. According to OSINT investigations, at least some of its members are Russian, and they regurgitate storylines that are quite similar to Moscow’s.
According to security specialists, as much as $400 million in cryptocurrency recently ended up in the hands of cybercriminals linked to Russia.
Various objectives
According to the FBI, threat actors target vital infrastructure sectors with the top three ransomware variants. Conti prioritizes the industries of Critical Manufacturing, Commercial Facilities, and Food and Agriculture, for example.
LockBit primarily targets the government, healthcare and public health, and financial services industries.
The Financial Services, Information Technology, Healthcare, and Public Health industries were the most commonly targeted by REvil/Sodinokibi.
Healthcare services were the most targeted by threat actors in 2021, with 148 victims reporting assaults to the IC3. Financial Services (89) and Information Technology (74) came in second and third, respectively.
Exponential growth rate
In 2021, IC3 received 3,729 ransomware-related complaints, according to the report. The number of ransomware reports grew by 50% in comparison to the previous year.
When comparing the number of complaints from 2018 to 2019, the rate of rise is even faster, with 82 percent more recorded ransomware complaints.
According to the research, victims’ losses increased at a dizzying pace. According to the FBI, ransomware victims lost more than $42 million in 2021.
In 2020 and 2019, reported losses were roughly $29 million and $9 million, respectively.
The number of losses, however, does not include estimates of lost business, time, wages, data, equipment, or any third-party remediation services bought by a victim, according to the report’s authors.
According to the research, “in certain situations, victims do not disclose any loss amount to the FBI, resulting in an artificially low total ransomware loss rate.”
A cyber-epidemic
Ransomware is still a huge danger to businesses all around the world. According to a recent Thales analysis, one out of every five worldwide enterprises was hit by ransaomware last year.
According to data collected from over 2,700 IT decision-makers worldwide, 22% of companies have paid or would pay a ransom for their data.
The findings are in stark contrast with the FBI’s recommendations. The FBI warns against paying the ransom because successful extortion attempts encourage threat actors to keep operating.
Even though ransomware is the primary cause of security assaults, 41% of respondents indicated their firm has no plans to modify security investment, despite the increased ransomware consequences.
Every year, ransomware statistics set new anti-records, but in 2022, fresh threats may be added to the mix.
New threats emerged as a result of Russia’s invasion of Ukraine. According to some analysts, Moscow may resort to cybercriminals to help maintain its economy, making ransomware assaults even more deadly.
Officials from the United States have warned key infrastructure corporations, claiming that ‘developing intelligence’ implies Russia intends to utilize its cyber capabilities against the United States.
