649 organizations targeted by ransomware across critical infrastructure sector in 2021, FBI IC3 report discloses

A report by the FBI’s Internet Crime Complaint Center (IC3) revealed that close to 650 complaints were received from organizations belonging to the critical infrastructure sector last year. These organizations were victims of ransomware attacks. The IC3 report further anticipates an increase in critical infrastructure victimization this year.

“Of the known ransomware variants reported to IC3, the three top variants that victimized a member of a critical infrastructure sector were CONTI, LockBit, and REvil/Sodinokibi,” the FBI said in its report titled ‘Internet Crime Report 2021.’

The IC3 data comes as U.S. President Joe Biden has asked critical infrastructure owners and operators to improve domestic cybersecurity and bolster national resilience. The latest warning comes in the wake of ‘evolving intelligence’ that the Russian government is exploring options for potential cyberattacks. In the heightened threat environment, the FBI reportedly warned the U.S. energy sector about network scanning activity stemming from multiple Russia-based IP addresses. 

The IC3 report received last year a record number of complaints from the American public with 847,376 reported complaints, which was a 7 percent increase from 2020, with potential losses exceeding US$6.9 billion. Among the 2021 complaints received, ransomware, business e-mail compromise (BEC) schemes, and the criminal use of cryptocurrency are among the top incidents reported. In 2021, BEC schemes resulted in 19,954 complaints with an adjusted loss of nearly $2.4 billion, the report added. 

The IC3 report said that of the 16 critical infrastructure sectors, its reporting indicated 14 sectors had at least one member that fell victim to a ransomware attack in 2021. 

According to information submitted to the IC3, CONTI most frequently victimized the critical manufacturing, commercial facilities, and food and agriculture sectors. LockBit most frequently victimized the government facilities, healthcare and public health, and financial services sectors. REvil/Sodinokibi most frequently victimized the financial services, information technology, and healthcare and public health sectors, it added.

Of all critical infrastructure sectors reportedly victimized by ransomware in 2021, the healthcare and public health, financial services, and information technology sectors were the most frequent victims. 

The IC3 report said that in June last year it began tracking reported ransomware incidents in which the victim was a member of a critical infrastructure sector. “There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on our security, national economy, public health or safety, or any combination thereof,” it added. 

The IC3 released a Joint Cybersecurity Advisory (CSA) last October on the ongoing cyber threats to the U.S. water and wastewater systems. In September, the IC3 posted a Private Industry Notification (PIN), which warned that ransomware attacks targeting the food and agriculture sector disrupt operations, cause financial loss, and negatively impact the food supply chain. 

The IC3 also posted an FBI Liaison Alert System (FLASH) report last May that advised the FBI identified at least 16 CONTI ransomware attacks targeting U.S. healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities within the last year. Last March, the IC3 had issued a FLASH warning that FBI reporting indicated an increase in PYSA ransomware targeting education institutions in 12 U.S. states and the U.K.

The FBI does not encourage paying a ransom to hackers. “Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and /or fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered,” it added. 

The report also added that “regardless of whether you or your organization have decided to pay the ransom, the FBI urges you to report ransomware incidents to your local FBI field office or the IC3.” 

Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under U.S. law, and prevent future attacks, it added.

The issue of ransomware surfaced in comments delivered this week by Alejandro Mayorkas, secretary of Homeland Security, at the Hack the Port 22 cybersecurity event, where he said, “what concerns us is not solely a direct, physical assault on our maritime infrastructure. What we track now, more than anything, is the expanding role of cyberattacks like ransomware and malware and the risk they can pose with respect to the maritime sector, specifically,” he added.

The threat to the maritime transportation sector was also raised by Jen Easterly, Cybersecurity and Infrastructure Security Agency (CISA) director in her address at the same conference on Tuesday. 

“Given the vital role of the industry, the importance of securing systems and functions that make up the maritime transportation sector cannot be overstated,” Easterly said at the Hack the Port conference on Tuesday. “That said, protecting the industry from cyber threats is really becoming increasingly complex, as connected and often unsecure control systems make maritime organizations a prime target for malicious actors,” she added.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.