It certainly feels as though every report or piece of research on cybersecurity and cybercrime discusses the rising number of attacks and the risks associated with them.
But what you might not know is that ransomware attacks specifically targeting public organizations such as local government, schools, and hospitals have actually decreased in 2022.
According to a report from the Ransomware Task Force, which cites data compiled by Recorded Future intelligence analyst Allan Liska, there have only been 64 documented attacks on local governments, schools, and hospitals in 2022. There were more than 150 such attacks over the same timeframe in 2021.
So, what gives? These types of attacks skyrocketed during the early stages of the pandemic when everyone transitioned to remote work. Why are we seeing a drop-off now?
Liska spoke with StateScoop and said "there may be fewer attacks" but that he has "trouble believing that because every [incident response] person I know is still booked fully, mostly with ransomware."
And he is not the only one who has noticed this trend.
Brett Callow, an analyst at Emsisoft who has tracked ransomware for years, said "we've actually seen a decrease in the public sector." Callow has tracked 30 attacks on local governments and 35 on education organizations through June this year. In 2021, there were 53 and 59 attacks, respectively, over the same time period.
Recorded Future's and Emsisoft's numbers are both based on a combination of public disclosures, leak sites, and the companies' direct engagements with victim organizations. Tracking ransomware incidents through these avenues can be difficult, which could contribute to the perception that attacks on the public sector are slowing down.
Liska mentioned that leak sites are not as reliable as they used to be, as cybercriminals are now taking more time to post stolen data or turning to alternative extortion tactics. He said that "we as an industry have become reliant on extortion sites."
It is not necessarily a good thing to be relying on cybercriminals to help make our data more accurate, which highlights the need for new requirements when it comes to reporting ransomware and other cyberattacks, some experts say.
While the U.S. has added new requirements this year, such as mandatory reporting for critical infrastructure organizations within 72 hours of discovery, the country still has a long way to go.
Liska discussed reporting in the United States:
"I do think part of that is the U.S. makes up a smaller percentage of total victims. The U.S. is bad enough at reporting and other countries are even worse. I've been shouting that we need this for five years now. It's good to see the progress. We'll need those reporting requirements in place and hopefully that'll continue to drive what we know about all of this and allow us to continue to improve."
See the original story from StateScoop for more information.