Homeland Security: U.S. Ransomware Attacks Have Doubled in the Last Year

Stu Sjouwerman | May 13, 2022

Homeland Security: U.S. Ransomware Attacks Have Doubled in the Last YearA March 2022 report from the Senate Committee on Homeland Security and Governmental Affairs zeros in on the growing problem of ransomware and lessons learned so far.

When Senate committees need to better understand a pressing issue, staff reports are often written to help members understand the scope of the problem. One such report was just released on the topic of ransomware, entitled America’s Data Held Hostage: Case Studies in Ransomware Attacks on American Companies.

In it, some not-so-surprising stats were brought to life to simply and effectively summarize the state of ransomware:

  • 3 million attempted ransomware attacks worldwide in 2021
  • 5 million of those attacks occurred in the United States
  • The U.S. experienced a 98% increase in attacks in 2021

The report provides committee members with three examples of real-world ransomware attacks. The first, in which a multi-sector Fortune 500 company with over 100,000 employees – and 200 employees focused solely on IT security – was the victim of a REvil ransomware attack, presents some quite shocking lessons learned.

  • It took them a week to eradicate the threat actors from having access to their network
  • Backups were one of the reasons it *only* took one week
  • Their biggest takeaway was “the sophistication of hostile actors and the financial means at their disposal

It says a lot when an organization with 200 talented cybersecurity professionals can’t stop a successful attack from occurring (with no offense meant towards them), and when they are warning the rest of us about how sophisticated the cybercriminal really is.

Phishing still represents one of the top initial attack vectors in ransomware attacks, making it imperative that every single employee – from the bottom to the top – enroll in Security Awareness Training that heightens their sense of cyber-vigilance, limiting the attack surface and reducing the likelihood of a successful attack via phishing.

Test Your Network’s Defenses with our Free Ransomware Simulator

When employees bypass guidance and fall for social engineering, your network security is the last line of defense. Run our 100% harmless RanSim tool on Windows 10+ workstations to safely simulate 25 ransomware and cryptomining infection scenarios, pinpoint technical vulnerabilities, and get your results in minutes.

Launch Your Free Ransomware Simulation

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.