Ransomware Appears to be in Decline, but Don’t Lower your Guard

January 17, 2023

While it is difficult to obtain accurate data on the number of ransomware attacks being conducted on healthcare organizations, the available data suggest there has been a decline in attacks across all industry sectors compared to the high number of attacks reported in 2021. Emsisoft recently reported that attacks are leveling off or declining in the industry sectors it tracks, and now a new survey appears to confirm that decline.

The survey was conducted by Censuswide on behalf of Delinea among 300 IT decision-makers across a broad range of industries in the United States, and the responses suggest there was a 60% decline in attacks between 2021 and 2022. In 2021, 64% of surveyed organizations said they had experienced a ransomware attack in the past 12 months, compared to 25% of organizations in 2022.

Ransomware attacks have been reported by both small and large healthcare organizations; the Hive ransomware group, for example, is known to target smaller medical practices that provide telehealth services. Ransomware gangs nevertheless still appear to favor attacks on larger organizations: the Delinea survey revealed that 56% of organizations that suffered a ransomware attack in the past 12 months had 100 or more employees.

In 2021, the Conti ransomware operation was the major ransomware player, but in early 2022 the group was disbanded, with its members moving to smaller ransomware operations. While these smaller groups are conducting many attacks, Delinea suggests the shutdown of this large ransomware operation may explain, in part, the decline in attacks. According to GuidePoint Security, there was a 53% decline in attacks by the two main ransomware gangs – Conti and LockBit – last year, yet overall attacks only decreased by around 7%.

Another suggested reason for the decline in attacks is that security controls designed to prevent ransomware are proving effective at thwarting attacks. It should also be noted that several ransomware gangs have started conducting extortion-only attacks, in which data are stolen and threats are issued to publish the data if the ransom is not paid, but no file encryption takes place. Although these attacks are conducted by ransomware gangs, they may not be classed as ransomware attacks, and this could be reflected in the survey data.

In 2022, intercepted messages between members of the Hive ransomware gang suggested the group was not having problems compromising organizations but was struggling to force the attacked organizations to pay up. The Delinea survey confirmed that fewer organizations are paying: 68% of organizations said they paid the ransom following an attack in 2022, compared to 82% in 2021. The survey also confirmed some of the negative consequences of ransomware attacks. 56% of companies said they lost revenue as a result of a successful ransomware attack, and 50% said they lost customers, although fewer organizations than last year said they suffered reputational damage as a result of an attack (51% in 2021 compared to 43% in 2022).

Attitudes to ransomware attacks also appear to be changing. In 2021, 88% of organizations said they believed it should be illegal to pay a ransom to cybercriminals following a ransomware attack, but in 2022 only 63% of surveyed companies felt that way; the remainder believed they should have the choice of whether or not to pay for the keys to recover their data and prevent data exposure.

The reduction in attacks is certainly good news, but it does not mean that attacks will not increase again. It is therefore concerning that Delinea found investment in ransomware defenses is declining. In 2021, 93% of surveyed organizations said they had allocated funding to combat ransomware attacks, whereas that percentage fell to 68% in 2022. The survey also revealed that only around half of the surveyed organizations had implemented best practices to prevent ransomware attacks, such as enforcing password best practices (51%) and multi-factor authentication (50%). There was also a notable decline in the number of companies that had an incident response plan specifically for ransomware attacks, which fell from 94% in 2021 to 71% in 2022.

The post Ransomware Appears to be in Decline, but Don’t Lower your Guard appeared first on HIPAA Journal.