The scourge of ransomware in the U.S. is “as bad as it has ever been,” with 2,207 governments, hospitals, and schools victimized by hackers in 2023, according to a new survey by the cybersecurity company Emsisoft.
Ransomware attacks have faded from national headlines since 2021 when cybercriminals linked to Russia hit Colonial Pipeline, causing chaos for the major U.S. fuel supplier to the East Coast. President Biden mobilized federal cyber officials in response and warned the Kremlin, but the onslaught of digital attacks from hackers around the world has barely let up in efforts to hammer American networks.
Emsisoft’s “State of Ransomware in the U.S.” report, published Tuesday, said ransomware attacks will lead to more serious consequences, and even fatalities, unless the wave of attacks is addressed aggressively. Ransomware — malicious software that holds data hostage until victims pay up — is estimated to have already caused deaths via such things as delayed access to medical care.
“Governments have formed task forces, international coalitions, and pledged at the federal level not to pay ransoms, while law enforcement has disrupted operations across the ransomware ecosystem, dismantled botnets, seized crypto assets, and made arrests,” the Emsisoft report said. “But despite all of this, ransomware stubbornly remains as much of a problem as ever.”
Some 108 U.S. K-12 school districts were targeted by ransomware hackers in 2023, more than in the previous two years combined, according to Emsisoft’s data. Some 46 hospital systems, including 141 hospitals, were victimized last year, up from 25 systems in 2022.
Emsisoft said compiling data on ransomware is complicated because only a minority of incidents are disclosed and organizations may use confusing language to hide the financial damage and negative publicity. Emsisoft’s report said its numbers almost certainly understated the extent of the ransomware problem.
Emsisoft threat analyst Brett Callow told The Washington Times that it is difficult to determine precise ransomware trends and the level of attacks in the U.S. compared to other nations, making it hard to know whether counter-ransomware strategies are working.