Russia-linked gangs attack US critical infrastructure most often

The FBI names the top three ransomware variants behind most attacks against critical infrastructure in the US.

Conti, LockBit, and REvil/Sodinokibi were the most active ransomware strains in 2021, the FBI's latest Internet Crime Report shows.

According to information submitted to the Internet Crime Complaint Center (IC3), Conti victimized 87 critical infrastructure organizations, while LockBit and REvil/Sodinokibi attacked 58 and 51 victims, respectively.

The trio has a common link: Russia. Conti sided with Moscow after the Kremlin invaded Ukraine last month. Leaked internal chats suggest the group aided Russia's secret services in spying attempts.

Meanwhile, REvil's affiliates enjoyed a lavish lifestyle in Russia before some of the gang members were arrested by local authorities.

LockBit has avoided siding with any nation-state. However, OSINT research shows at least some of its members are Russian and repeat narratives that closely resemble Moscow's views.

Security researchers last month said that as much as $400 million worth of cryptocurrency ended up filling the pockets of cybercriminals connected to Russia in some form.


Different targets

According to the FBI, threat actors using the top three strains of ransomware target different critical infrastructure sectors. For example, Conti favors the Critical Manufacturing, Commercial Facilities, and Food and Agriculture sectors.

LockBit usually targets the Government Facilities, Healthcare and Public Health, and Financial Services sectors.

REvil/Sodinokibi most frequently victimized the Financial Services, Information Technology, and Healthcare and Public Health sectors.

In general, threat actors targeted Healthcare services the most in 2021, with 148 victims reporting attacks to the IC3. The Financial Services (89) and IT (74) sectors ranked second and third.

Exponential growth

According to the report, IC3 received 3,729 complaints identified as ransomware in 2021. Compared to the previous year, the number of complaints on ransomware increased by 50%.

The growth is even steeper when compared with 2019, with 82% more reported ransomware complaints.

The report shows that losses incurred by victims also grew at a breakneck pace. The FBI claims that ransomware victims reported losses of over $42 million in 2021.

Reported losses in 2020 and 2019 were around $29 million and $9 million, respectively.

However, the report's authors note that the volume of losses does not include estimates of lost business, time, wages, files, equipment, or any third-party remediation services acquired by a victim.

"In some cases, victims do not report any loss amount to the FBI, thereby creating an artificially low overall ransomware loss rate," reads the report.

A cyber plague

Ransomware continues to be a major threat to organizations worldwide. A recent report by Thales indicates that a staggering one in five global organizations experienced a ransomware attack last year.

Results collected from over 2,700 IT decision-makers worldwide show that 22% of organizations have paid or would pay a ransom for their data.

The results contrast sharply with FBI recommendations. The Bureau advises against paying the ransom since successful extortion attempts only encourage threat actors to continue their business.

Interestingly, while 53% of respondents say ransomware is the leading source of security attacks, 41% said their organization had no plan to change security spending, even with greater ransomware impacts.

While ransomware statistics set new negative records every single year, 2022 might add more threats to the mix.

With Russia's invasion of Ukraine, new threats came to the forefront. Some pundits believe Moscow might turn to cybercriminals to support its economy, making ransomware attacks even more devastating.

US officials warned critical infrastructure companies that 'evolving intelligence' suggests Russia plans to use its cyber capabilities against Washington.
