Dive Brief:

• More than one-third of ransomware attacks reported to the FBI last year impacted organizations in a critical infrastructure sector, according to the FBI Internet Crime Complaint Center’s annual report released Friday.
• Of the 2,385 ransomware attacks reported to the FBI last year, 870 hit critical infrastructure organizations. The healthcare and public health sector was hit with the largest share of reported ransomware incidents, a total of 210 attacks in 2022, the FBI said.
• Collectively, ransomware infections caused adjusted losses of more than $34 million last year. 

Dive Insight:

The FBI acknowledged a persistent difficulty it confronts in counting the “true number” of ransomware incidents — many attacks don’t get reported to law enforcement.

Phishing, remote desktop protocol exploitation and software vulnerability exploits remained the top initial infection vectors for ransomware attacks, the FBI said. Threat actors continued to use extortion as a tactic to pressure victims to pay the ransom or risk the release of stolen data.

Extortion crimes reported to the FBI remained flat compared to 2021, but down by nearly half from a peak in 2020. Extortion, not exclusive to ransomware, was the fourth-highest cybercrime type reported to the FBI last year, with more than 39,000 incidents reported.