The increased sophistication of ransomware gangs has made attackers much more mindful about who they target. The days of indiscriminate, spray-and-pray ransomware attacks are long gone: the most sophisticated ransomware gangs now carry out extensive due diligence before initiating an attack. Essentially, there is a method to their madness.
The one upside to the increasing sophistication of ransomware attackers is that by using industry research, we can identify the most at-risk sectors, understand why they are at risk, and devise ways to mitigate that risk. So, let’s do just that.
Breakdown of Ransomware Attacks by Industry in H1 2024
In early July this year, Comparitech, a tech research company, released a report titled Ransomware Roundup: H1 2024. It provides information on 420 confirmed attacks in the first half of 2024, including the average ransom amount (over $5.2 million), the number of individual records affected (35.3 million), and, most importantly, which sectors attackers targeted most.
Healthcare: 91 Attacks
Unsurprisingly, the healthcare sector tops the list in H1 2024. Healthcare has long been a favorite target for ransomware attackers because the sector is particularly susceptible to coercion. An attack can potentially endanger lives, meaning healthcare providers are more likely to pay ransoms. Moreover, many healthcare organizations have outdated, interconnected systems, meaning attacks are easier to pull off and cause significant damage when they succeed.
As with other sectors on this list, attacks on healthcare providers are often financially and politically motivated. Russia is well known for tolerating cybercriminal activity targeted at countries it sees as political adversaries, thus giving them plausible deniability. Attacks on the healthcare sector – such as those on an already struggling NHS – can help undermine confidence in government abilities.
Government: 82 Attacks
Government agencies were another favorite target for cybercriminals in H1 2024. Attacks on government entities can disrupt public services and compromise sensitive data, leading to significant public and political fallout. As with healthcare, ransomware attacks on government systems often carry dual motives: financial gain for cybercriminals and advancing geopolitical agendas. Amidst an increasingly tense geopolitical landscape, it’s no surprise that ransomware attackers targeted government entities so often in H1 2024.
Education: 52 Attacks
The education sector is perhaps the most surprising entry near the top of this list. While educational institutions hold a significant amount of valuable personal data, they typically lack the financial resources and strategic importance of healthcare, government, or manufacturing organizations.
Education being the third most targeted sector in H1 2024 tells us something about ransomware attackers: they are looking for easy targets, even if the potential financial or political gains aren’t exceptionally high. Education organizations typically lack robust cybersecurity defenses, making them relatively easy to attack.
Manufacturing: 46 Attacks
With manufacturing coming in fourth, we’re back to the more typical attack targets. The manufacturing sector is particularly vulnerable to ransomware attacks due to the high cost of downtime, the critical nature of operations, and potential safety risks resulting from compromised systems. Time is money in manufacturing, meaning organizations are often motivated to pay ransoms quickly and get their systems back online. The manufacturing sector is also a popular target for politically motivated attacks.
Service: 26 Attacks
The service industry is not a traditional ransomware attack target, so its place on this list further indicates that ransomware attackers are increasingly turning to sectors with weaker defenses. Moreover, disruptions to the service industry can lead to loss of clientele and revenue, compelling victims to pay ransoms to resume operations.
Finance: 26 Attacks
The finance sector falling so low down the list is arguably the most notable outcome from the Comparitech report. Financial institutions are lucrative targets due to the sensitive nature of the data they handle and their critical role in the economy. As such, they have long been a favorite target for politically and financially motivated attackers. Ransomware gangs are likely targeting the finance sector less frequently because, being such a popular target for so long, it has wised up and bolstered its cybersecurity defenses, making a successful attack less likely.
Food and Beverage: 24 Attacks
Supply chain disruptions in the food and beverage sector can lead to immediate shortages and significant financial losses, pressuring companies to resolve incidents quickly.
Retail: 18 Attacks
The high dependency on continuous sales and operations makes retail organizations vulnerable, as downtime directly affects revenue. Moreover, data breaches involving customer information can lead to severe reputational damage.
Construction: 16 Attacks
Disruptions in the construction sector can delay projects and result in hefty financial penalties, incentivizing quick resolutions. In an era where many of the world’s most powerful countries run large-scale infrastructure projects, attacks on the construction industry may also be politically motivated.
Tech: 16 Attacks
Contrary to what one might expect, the tech sector suffered a relatively low number of ransomware attacks in the first half of 2024. Despite handling enormous quantities of valuable, sensitive data, tech organizations typically have strong cyber defenses, meaning they are a less viable target for ransomware attackers.
Utilities: 12 Attacks
Utilities organizations are critical infrastructure targets. Disruptions in this sector can impact other industries and public services, making them high-stakes targets often involving geopolitical motives. However, utilities likely fell so far down H1 2024’s list because they have improved their defenses. Attacks on utility organizations grew 200% in 2023, so they may have responded by improving their defenses and warding off attacks.
Transportation: 11 Attacks
Transportation is critical, and even short disruptions can have significant economic impacts, making it an attractive target for cybercriminals. This criticality, however, means that transportation organizations typically invest more in cyber defenses than others, bringing attack rates down.
Conclusion
The first half of 2024 has underscored the growing ransomware threat across diverse sectors. As they bolster defenses, traditional targets fall by the wayside, while less lucrative but more vulnerable sectors are suffering more attacks. As such, it’s crucial that any organization – regardless of size or sector – invest in cybersecurity and take proactive measures to prevent attacks.
About Author:
Josh is a Content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He's written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy.