The numbers are in, and they’re clear: if you work for the government, you’d better be wary, because you’re the No. 1 target for ransomware thieves.
Pulling information from Blackfog, Statista found that from January to November of 2021, 244 ransomware attacks were publicized. That was a 25% increase from the same period of the previous year. Of those incidents, 47 were launched against government entities, representing nearly 20% of all reported attacks.
The second and third most-attacked industries were education and healthcare, at 35 and 33 attacks respectively. Rounding out the field were services, at 28 attacks; technology, with 27; manufacturing, with 22; retail, at 13 attacks, and finance, with nine attacks.
It’s important to note that these are the reported attacks. As many, if not most, ransomware attacks go unreported, the total number of attacks is undoubtedly much higher. In fact, Statista quoted a figure from Cybersecurity Ventures estimating that a ransomware attack took place every 11 seconds in 2021.
Government agencies are juicy targets for ransomware gangs, and sometimes the hackers get into a network and remain there for months. One reason governments are targeted so often is that they’re assumed to have the funds to pay the demanded ransom. That may be changing in some places, as government entities in North Carolina were recently barred by law from paying ransoms. That model may be spreading as well.
Will that mean ransomware actors will begin targeting non-governmental entities more often? Only time will tell. In any event, these figures indicate how crucial it is for governments to assume the “when, not if” mindset in terms of ransomware attacks. If it hasn’t happened to you yet, it’s just a matter of time until it does. Plan accordingly.