In the latest Annual Ransomware Report, GuidePoint Security’s GRIT identified ransomware as the most prolific and impactful threat to network security, data integrity, and operational capabilities in 2022, with over 2,500 publicly posted victims observed throughout the year. The report highlighted the severity of ransomware’s impact, positioning it as a cybersecurity challenge across various sectors. Despite predictions of a continuing steady increase in ransomware activity, the situation escalated in 2023, exceeding initial expectations. The year-over-year victim volume nearly doubled, driven in part by multiple mass exploitation campaigns that greatly impacted hundreds of organizations worldwide. This increase marks a concerning trend, demonstrating how ransomware threats are changing and evolving.
Ransomware activity in 2023 started slowly but steadily gained momentum over the year. The report highlighted a notable record high of 1,353 victim posts in Q3, indicating a large increase in ransomware incidents during that period. However, the subsequent quarter, Q4, experienced a comparatively mild drop with 1,170 victim posts. The fluctuation in victim posting rates raises questions about the trajectory of ransomware activities, and the results from January 2024 may offer insights into whether the victim volume will decrease, remain constant, or follow historical patterns by increasing in the new year.
Rhysida, categorized as a Developing group, did not rank highest in total posted victims but displayed a disproportionate impact on traditionally sensitive industries. The report found that Education, Healthcare, and Government sectors experienced the most attacks, with a staggering 46 out of Rhysida’s 74 posted victims belonging to these key sectors. Alphv, identified as a leading ransomware group impacting the healthcare industry, persisted despite law enforcement efforts to dismantle its operations. In response, Alphv strategically modified affiliate rules to permit the targeting of critical infrastructure. This tactical change raises serious concerns for hospitals and healthcare providers, emphasizing the pressing need for adaptive and targeted cybersecurity measures within the healthcare sector to counter evolving threats.
The report also revealed that, in 2023, the healthcare sector saw a major increase in ransomware targeting, challenging established norms. Both Established and Developing ransomware groups, contrary to historical trends, increasingly focused on healthcare organizations. This increase suggests a changing perception among ransomware actors, who recognize healthcare entities as high-value targets due to the wealth of personally identifiable information (PII) they possess. Analyzing the industry breakdown by taxonomy classification reveals that, relative to their presence in the overall ransomware threat, Developing and Emerging groups had a disproportionate impact on healthcare organizations compared to Established groups. This insight points to a strategic adjustment among newer entrants, highlighting a deliberate focus on selectively targeting healthcare entities. These developments require a reevaluation of cybersecurity strategies tailored specifically to protect healthcare organizations from the changing tactics of ransomware actors.
Two specific incidents demonstrate the targeted nature of ransomware attacks on the healthcare sector in particular. In an early 2023 attack against a U.S. healthcare network, Alphv resorted to leaking sensitive clinical photos of cancer patients after the network refused to pay a ransom. This attack highlights the malicious intent and coercive techniques employed by ransomware groups specifically targeting healthcare organizations. In another incident, the Emerging ransomware group Hunters International employed extortion tactics against a healthcare client, claiming responsibility for an attack on a cancer medical center. Following non-payment of ransom demands, the group contacted patients, threatening the release of private information and offering data removal for a fee. A similar approach was observed in a subsequent attack against clients of a non-profit health network. These incidents highlight the urgent need for healthcare organizations to adopt targeted and adaptive cybersecurity measures. The evolving threats, coupled with changing tactics and coercive techniques, mandate a strategic approach specifically tailored for the healthcare sector. Continuous monitoring, threat intelligence, and proactive cybersecurity measures are necessary to mitigate risks and safeguard sensitive healthcare data from malicious actors.