Ransomware attacks declined in ’22 but more records being compromised

Jan. 17, 2023
A recent report from Comparitech finds that as attacks declined the ransom demands increased

The number of ransomware attacks logged in the U.S. and worldwide declined significantly in 2022, but the incidents are compromising more records than before and many entities are reluctant to admit such breaches, a recent study shows.

According to a report from Comparitech’s U.S. ransom tracker, there were 335 publicly reported attacks in 2022, down 50% from the 676 reported in 2021.

Rebecca Moody, head of data research at Comparitech, said ransom demands remained high, dropping from an average of $5.5 million in 2021 to $4.74 million in 2022. The business sector noted a huge increase in its average ransom demand, however, rising from an average of $8.4 million in 2021 to $13.2 million in 2022. 

Equally, while the number of records impacted in these attacks dropped significantly (falling from 43.6 million in 2021 to just over 17.3 million in 2022), the average number of records involved in each attack remained quite similar, Moody noted.

On average, 2021 saw nearly 117,000 records impacted per ransomware attack, while 2022 saw 96,161 records affected.

“This indicates that even though ransom attacks may have decreased, hackers are perhaps becoming more targeted in their approach,” Moody said. “With a huge focus on data and stealing vast quantities of it, hackers are targeting big organizations with more data.

“The more people involved in these attacks, the greater the organizations need to try and get the data back, therefore increasing the hackers’ chances of receiving a ransom payment. Equally, if companies fail to pay, hackers can post the data for sale on the dark web.”

Worldwide Attacks Also Decline

Comparitech’s worldwide ransomware tracker also logged a huge dip in the number of publicly reported ransomware attacks last year.

In 2022, 769 attacks were collated by the researchers, compared to 1,365 in 2021. But that’s not to say hackers have been any less prevalent or successful. Interestingly, Moody said, the data stolen in ransomware attacks throughout 2022 has risen exponentially.

In 2021, 49.8 million records were noted as having been impacted by ransomware attacks. In 2022, this more than doubled to almost 115 million.

Moreover, the average number of records impacted in each ransomware attack was 587,048 – nearly 5 times the average noted in 2021 (just over 119,000). 

This is mirrored in the fact that 2022 saw some huge data breaches via ransomware attacks, Moody said – namely TransUnion South Africa (which saw a potential 54 million records affected), Russia’s Digital Network Systems (16 million), Australia-based Optus (9.8 million) and Medibank (9.7 million), and the hack on the AirAsia Group (5 million). Ransoms also remained high with an average demand of $7.1 million (down from $8.2 million in 2021).

Despite an overall decline in the number of reported ransomware attacks, governmental and educational organizations saw similar attack figures in 2021 and 2022, the study said.

Government-based attacks declined to 148 in 2022 from 158 in 2021, while the education sector saw 100 attacks in 2022, compared to 105 in 2021.

Government organizations saw a huge rise in the average ransom demanded – increasing from $1.7 million in 2021 to a whopping $10.2 million in 2022.

The number of records affected in these attacks also rose dramatically. Some 291,000 records were noted as being involved in ransomware attacks in 2021, while nearly 473,000 were impacted in 2022. On average, the number of records impacted in each attack more than doubled in 2022, rising from 15,327 to 39,383, the study said.

All other sectors saw a decline in the average ransoms demanded – but businesses also saw a vast increase in the number of records affected. As Moody previously noted, many businesses saw large-scale data breaches due to ransomware attacks.

The average number of records impacted by ransomware attacks on businesses rose from just over 100,000 in 2021 to almost 900,000 in 2022. This coincides with a rise in double-extortion attacks whereby hackers encrypt systems while also stealing data (effectively doubling their chances of securing a ransom payment). 

Large Entities a Target

All of these statistics point toward hackers becoming far more targeted in their approach, with a growing emphasis on stealing vast amounts of data, Moody said. Ransomware gangs are going after “high-ticket” victims, targeting large entities with greater amounts of data.

“The more data stolen, the greater the need to try and get it back, meaning higher ransoms from fewer victims. Or, should a business fail to cough up the ransom, stolen data can be sold on the dark web,” she said. 

The public release of data by hackers means organizations must admit to being breached. Many organizations appear to avoid admitting that they have suffered a ransomware attack, or avoid referring to a cyberattack as ransomware. In many cases, ransomware attacks are only confirmed when hackers publish stolen data or companies admit to data having been stolen.

While 2022 may have seen a dip in the number of ransomware attacks reported, “we’d be foolish to assume the threat is any less prevalent,” Moody summed up. “If anything, the threat is only growing. With an increased focus on stealing data, hackers put consumer data at increased risk of exposure.

“And with many companies trying to avoid the stigma of having suffered a ransomware attack, there is the concern that many consumers are oblivious that their data has been stolen and/or published on the dark web – especially in jurisdictions where data breach reports are not mandatory.”

A prime example of this, according to Moody, is the recent publication of children’s data stolen from several UK schools. When contacted about the breaches, several schools admitted that teachers/students weren’t contacted following the breach.

About the author: John Dobberstein is the managing editor of SecurityInfoWatch.com.