According to Comparitech’s worldwide ransomware tracker, 2022 saw a huge dip in the number of publicly-reported ransomware attacks. In 2022, 769 attacks were collated by the researchers, compared to 1,365 in 2021.
But that’s not to say hackers have been any less prevalent or successful.
Interestingly, the data stolen in ransomware attacks throughout 2022 has risen exponentially. In 2021, 49.8 million records were noted as having been impacted by ransomware attacks. In 2022, this more than doubled to nearly 115 million. Moreover, the average number of records impacted in each ransomware attack was 587,048–nearly five times the average noted in 2021 (just over 119,000).
This is mirrored in the fact that 2022 saw some huge data breaches via ransomware attacks, namely TransUnion South Africa (which saw a potential 54m records affected), Russia’s Digital Network Systems (16m records), Australia-based Optus (9.8m) and Medibank (9.7m), and the hack on the AirAsia Group (5m).
Ransoms also remained high with an average demand of $7.1m (down from $8.2m in 2021).
Despite an overall decline in the number of reported ransomware attacks, governmental and educational organisations saw similar attack figures in 2021 and 2022. Government-based attacks declined to 148 in 2022 from 158 in 2021, while the education sector saw 100 attacks in 2022, compared to 105 in 2021.
Government organisations saw a huge rise in the average ransom demanded–increasing from $1.7m in 2021 to a whopping $10.2m in 2022. The number of records affected in these attacks also rose dramatically. 291,000 records were noted as being involved in ransomware attacks in 2021, while nearly 473,000 were impacted in 2022. On average, the number of records impacted in each attack more than doubled in 2022, rising from 15,327 to 39,383.
All other sectors saw a decline in the average ransoms demanded–but businesses also saw a vast increase in the number of records affected. As we have already noted, many businesses saw large-scale data breaches as a result of ransomware attacks. The average number of records impacted in ransomware attacks on businesses rose from just over 100,000 in 2021 to almost 900,000 in 2022. This coincides with a rise in double-extortion attacks whereby hackers encrypt systems while also stealing data (effectively doubling their chances of securing a ransom payment).
All of these statistics point toward hackers becoming far more targeted in their approach, with a growing emphasis on stealing vast amounts of data. Ransomware gangs are going after “high-ticket” victims, targeting large entities with greater amounts of data. The more data stolen, the greater the need to try and get it back, meaning higher ransoms from fewer victims. Or, should a business fail to cough up the ransom, stolen data can be sold on the dark web.
The public release of data by hackers means organisations must admit to being breached.
Many organisations appear to be avoiding admitting to having suffered a ransomware attack or referring to a cyber attack as ransomware. In many cases, ransomware attacks are only confirmed when hackers publish stolen data or companies admit to data having been stolen.
What’s clear, then, is that while 2022 may have seen a dip in the number of ransomware attacks reported, we’d be foolish to assume the threat is any less prevalent. If anything, the threat is only growing. With an increased focus on stealing data, hackers put consumer data at increased risk of exposure. And with many companies trying to avoid the stigma of having suffered a ransomware attack, there is the concern that many consumers are oblivious that their data has been stolen and/or published on the dark web–especially in jurisdictions where data breach reports are not mandatory.
A prime example of this is the recent publication of children’s data stolen from several UK schools. When contacted about the breaches, several schools admitted that teachers/students weren’t contacted following the breach.
2022 key findings
According to the publicly-reported ransomware attacks collated by Comparitech researchers, 2022 saw:
- 769 attacks–nearly half the number recorded in 2021 (1,365)
- An average ransom demand of $7.1 million–just over $1m less than the average demand in 2021 ($8.2 million)
- 114,474,363 records impacted–more than double the number impacted in 2021 (49.8 million)
- An average of 587,048 records were impacted per attack–nearly five times 2021’s average of 119,114
When broken down by industry:
Business
- 410 attacks–over half 2021’s figure (931)
- An average ransom demand of $7.8 million–down from $12.1m in 2021
- 103,484,706 records impacted–a vast increase on the number impacted in 2021 (27.9m)
- An average of 899,867 records impacted per attack–nearly nine times 2021’s average of 100,825
Education
- 100 attacks–not much of a change on 2021’s figure (105)
- An average ransom demand of $1.3 million–far less than the average demand of $6.6m in 2021
- 686,219 records impacted–over half 2021’s figure of (1.3m)
- An average of 45,748 records impacted per attack–slightly lower than 2021’s figure (56,214)
Government
- 148 attacks–similar to 2021’s figure of 158
- An average ransom demand of $10.2 million–almost 10 times higher than 2021’s average of $1.7m
- 472,597 records impacted–far higher than the total noted in 2021 (291,000)
- An average of 39,383 records impacted per attack–more than double 2021’s average of 15,327
Healthcare
- 111 attacks–much lower than the 171 tracked in 2021
- An average ransom demand of $3.6 million–down from $5.1m in 2021
- 9,830,841 records impacted–less than half the figure noted in 2021 (20.3m)
An average of 185,488 records impacted per attack–slightly less than 2021’s figure of 204,820
