Ransomware attackers are targeting US healthcare and education services
William Gallagher
The USA is now seeing more ransomware attacks than the next 22 most-affected countries combined, according to a new report that expects the number of incidents to rise sharply.
Security research firm Malwarebytes has previously reported on the different approaches bad actors take to users of Macs compared to PCs. Now in its latest annual report, the writers say there were 1,462 reported ransomware attacks in the US alone.
"Over the last 12 months, education and healthcare were the most beleaguered sectors in the US outside of services," says Malwarebytes in its report. "They received so many attacks that if they were countries, they would be the fourth and sixth most attacked in the world, on either side of Germany."
The broad category of Services attracted 26% of all US ransomware attacks. Financial services was the lowest-specified category, being the target of 2% of US ransomware attacks in the year to July 2023.
"While the number of active groups in the US has increased over the last year," continues the report, "the escalation in the number of monthly attacks appears to be the result of existing ransomware groups being more active."
Malwarebytes further claims that there is evidence ransomware is growing, and specifically that it is increasing the use of ransomware-as-a-service (RaaS). An up-and-coming group, CL0P, is making waves with its ascension using RaaS, overtaking large groups like LockBit some months.
RaaS can be spread by various methods, but reportedly the most common one is that it is sent out by email.
"In March, CL0P used a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool to break into numerous victims' networks, chalking up 48 known attacks-almost double LockBit's total," said Malwarebytes. "In late May, after two quiet months, CL0P returned, abusing a zero-day in Progress Software's file transfer tool MOVEit Transfer to compromise an even larger number of victims, again vastly exceeding LockBit's output that month."
"[However, from] CL0P's perspective the campaign has achieved mixed success," said Marcelo Rivero, Malwarebytes' threat intelligence analyst and ransomware specialist. "While it exploited a previously unknown vulnerability, the generally low quality of the data stolen may have compromised its objectives."
Viruses are still more prevalent on PCs, but Macs are an attractive target for criminals, so the use of malware that a user may be tricked into installing is growing. Most recently, in April 2023, the Windows LockBit ransomware software began targeting Macs for the first time.
The full report is available directly from Malwarebytes.
Malcolm Owen
Amber Neely
Andrew Orr
Christine McKee
2 Comments
This is not new. Ransomware targeting critical systems is growing by the hour, and the growth of AI is going to make it exponentially worse. Financial, air/land/sea traffic, healthcare, and education, are tempting targets for psychopaths. Most for profit, but a subset of anarchists engages just for the thrill of destruction. When quantum computing systems become available to these actors, there are no current encryption algorithms that can't be broken. Corporate and government entities have so far been way behind cyber criminals, only reacting, rather than pre-empting to ransomware attacks. And if they don't step up and start spending the money necessary, society as we know it is in as much danger from malware as it is from climate change or the rise of tribalism and autocracy across multiple nations.