The 2023 FBI Internet Crime Report revealed that the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) got high numbers of complaints about cybercrime and recorded losses grew by 22% to $12.5 billion. ICR recorded 880,418 complaints in 2023, higher by 10% from 2022. Phishing/spoofing is the most frequently documented cybercrime having 298,878 complaints. Personal data breaches come next with 55,851 complaints and non-payment/non-delivery with 50,523 complaints.
Types of Cybercrime and Reported Losses:
- Investment scams – Reported losses grew by 38% from $3.31 billion (2022) to $4.57 billion (2023)
- Business email compromise (BEC) – Losses of $2.9 billion across 21,489 complaints were reported
- Tech support scams – There were 37,560 complaints received with $1.3 billion in reported losses.
IC3 got 2,825 complaints associated with ransomware from:
- Critical infrastructure entities filed 1,193 ransomware complaints, which increased by 18% from 2022
- Healthcare reported 249 cases involving ransomware attacks
- Critical manufacturing reported 218 attacks
- Government facilities reported 156 attacks
Fourteen out of the 16 critical infrastructure industries reported that at least one member encountered a ransomware attack. Ransom payments increased by 74% from $34.4 million in 2022. Ransomware groups received $59.6 million for the recovery of encrypted files and stopped the vending or publicity of stolen information.
Losses due to ransomware are likely much higher, considering that a lot of victims never report ransomware attacks to the FBI or reveal their losses. For example, a law enforcement activity pinned down the Hive ransomware group in 2023 allowing the FBI to access the infrastructure of the Hive group. The FBI found out that only 20% of the Hive ransomware group’s victims had submitted breach reports to comply with the HIPAA Breach notification rule. The FBI advises victims to report attacks irrespective of whether they paid the ransom or not. By filing a breach report, the FBI could give decryption information, assist in the recovery of the stolen information, and possibly get/retrieve ransom payments. Through ransomware attack reports, the FBI can obtain insights into enemy strategies and eventually catch the perpetrators.
The Most Active Ransomware Groups in 2023
- LockBit – performed 175 attacks on critical infrastructure entities
- ALPHV/BlackCat – conducted 100 attacks
- Akira – conducted 95 attacks
- Royal – conducted 63 attacks
- Black Basta – conducted 41 attacks
Last February, a law enforcement operation disrupted the activity of the LockBit group. However, the disruption was brief, as the group returned immediately after the shutdown. The ALPHV/BlackCat group made it through a December 2023 takedown and responded to the disruption by permitting its affiliates to target earlier forbidden areas and telling them to target healthcare companies. In February 2024, after an affiliate conducted a ransomware attack on Change Healthcare, the group declined to pay the affiliate, kept the $22 million ransom payment, and stopped its operation.
ALPHV/Blackcat was a main gamer in the ransomware sector; nevertheless, attacks are not likely to stop just because of the operation shutdown. ALPHV/Blackcat is likely to rebrand and come back with a different operation, and in case that does not happen, the group’s affiliates will just turn to another ransomware-as-a-service group and keep on carrying out attacks. The attack on Change Healthcare by ALPHV/Blackcat presents a warning to other companies that are thinking of giving ransom payments. After the victims paid $22 million for the removal of the stolen data, the group cheated and did not pay the affiliate’s share of the ransom. Then, the affiliate responsible for the attack saved the stolen information. Ransomware groups will keep on adjusting their strategies to boost the likelihood of getting ransom payments. The FBI has seen rising ransomware trends, for example, using several ransomware strains on the same victim and the data destruction strategy to force victims into settlement and pay the ransom.
