FBI: 870 Critical Infrastructure Organizations Were the Victim of Ransomware in 2022

Stu Sjouwerman | Apr 5, 2023

FBI WarningThe FBI’s newly-released report shows just how ransomware continues to plague critical infrastructure sectors, despite the U.S. government’s recent efforts to stop these attacks.

You’ll probably recall the news about ransomware attacking the Colonial Pipeline and other U.S. critical infrastructure (CI) to the point that the government was stepping up their efforts to stop these attacks and even conducting congressional hearings on what to do about the problem. The FBI reported that nearly 650 CI businesses were hit in 2021. We’d all like to think that the introduction of the involvement of the U.S. government would spell the end of attacks on such important industry vectors that keep the country going.

But according to the FBI’s latest Internet Crimes Report that covers 2022, the number of CI businesses attacked increased by 34% in 2022, rising to 870.

In short, CI industries have plenty to be worried about. According to the FBI, Lockbit, BlackCat and Hive were the top three ransomware strains used in these attacks, targeting 16 CI sectors (shown below).

3-9-23 IMAGE

Source: FBI

According to the FBI, 14 of the 16 sectors had at least one attack that was successful, but did not go into detail on how many succumbed to an attack in total.

As an additional layer of security, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) began a pilot program - Ransomware Vulnerability Warning Pilot (RVWP) – which scans CI networks for internet-exposed devices that could be exploited.

In the meantime, CI organizations need to also focus on the number one ransomware initial attack vector – phishing. Users need to undergo continual Security Awareness Training to stifle scams, social engineering and BEC attacks that may be a prelude to a ransomware attack.

Topics: Ransomware

Test Your Network’s Defenses with our Free Ransomware Simulator

When employees bypass guidance and fall for social engineering, your network security is the last line of defense. Run our 100% harmless RanSim tool on Windows 10+ workstations to safely simulate 25 ransomware and cryptomining infection scenarios, pinpoint technical vulnerabilities, and get your results in minutes.

Launch Your Free Ransomware Simulation

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.