The FBI's Internet Crime Complaint Center report found that government facilities accounted for 156 ransomware complaints in 2023. amgun/Getty Images
Government facilities were third largest ransomware target in 2023, FBI says
The FBI’s IC3 findings also show government official impersonation scams are on the rise.
Government facilities were the third largest critical infrastructure sector targeted by ransomware attacks in 2023, according to cybercrime statistics released Wednesday by the FBI.
The agency’s Internet Crime Complaint Center, or IC3, unveiled the findings in its annual report that unpacks complaints, financial losses and other metrics used to determine the severity of cybercrime activities reported to federal authorities.
Of the 1,193 complaints IC3 received from organizations belonging to U.S.-designated critical infrastructure sectors, government facilities came in third place with 156 complaints, while critical manufacturing and healthcare centers took the second and top spots, respectively.
“Of the 16 critical infrastructure sectors, IC3 reporting indicated 14 sectors had at least 1 member that fell to a ransomware attack in 2023,” the report adds.
LockBit, ALPHV/BlackCat, Akira, Royal and Black Basta were the top ransomware gangs tied to those critical infrastructure complaints, the report added. ALPHV, which recently claimed responsibility for its attack on Change Healthcare that has caused widespread logjams in the prescription drug market, reportedly staged a takedown after hauling away a $22 million ransom payment from the company.
Ransomware operatives targeted companies around the world last year, with the number of firms targeted reaching an all-time high compared to findings in previous years, according to a January Check Point analysis.
The U.S. has been working with international partners to take a firm stance against ransom payments, though experts have not agreed on a single policy.
“The FBI does not encourage paying a ransom to criminal actors. Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Paying the ransom also does not guarantee that an entity’s files will be recovered,” IC3 says.
The IC3 report also found $350 million were lost from scams in which hackers impersonated government officials attempting to collect money. Older adults are overwhelmingly targeted in such scams, according to the data.
A total of 14,190 government impersonation scams were logged last year, up from 11,554 in 2022. The FBI previously said that some $55 million were lost to impersonation scams filed to IC3 between May and December last year.
The Federal Trade Commission last month finalized a measure that would empower the agency to go after entities that impersonate government officials and others using AI tools. U.S. voters got a taste of this in January when a Texas-linked robocalling operation allegedly disseminated phone calls featuring an AI-generated voice of President Joe Biden during the New Hampshire primary.