Ransomware Targets

Chris Swagler | December 9th, 2023


In recent years, ransomware attacks have wreaked havoc across a wide spectrum of industries, causing financial losses, data breaches, and operational disruptions. These malicious attacks have become an alarming global phenomenon, targeting organizations irrespective of size or sector. A survey of 3,000 IT professionals in 2023 highlights the widespread nature of this threat, with approximately two out of three organizations reporting ransomware incidents in the preceding 12 months. Here, we delve into the top 13 ransomware targets identified by the survey and other sources, shedding light on the industries that have borne the brunt of these attacks.

Top 13 Ransomware Targets in 2023

  1. Education – The education sector emerged as the primary target for ransomware attacks in 2023, with an alarming 80% of elementary, middle, and high schools and 79% of higher education institutions falling victim to such attacks. The Los Angeles Unified School District and several universities, including the Savannah College of Art and Design and William Carey University, experienced devastating attacks. These incidents not only compromised sensitive data but also disrupted academic activities, highlighting the vulnerability of educational institutions.
  2. Construction and Property – Construction and property-related businesses witnessed a staggering 129% increase in ransomware attacks in just two years, with 71% reporting recent incidents. Attacks on organizations like Marcus & Millichap underscore the vulnerability of the construction and real estate sectors. The ransomware attacks not only disrupted operations but also resulted in significant financial losses.
  3. Central and Federal Government – Ransomware incidents targeting central governments reached 70% globally. The cybercriminal group Conti’s attack on Costa Rica’s central government serves as a vivid example of the havoc such attacks can wreak. Ireland’s national health service also fell victim to ransomware, leading to a state of emergency declaration by the country’s president.
  4. Media, Entertainment, and Leisure – The media, entertainment, and leisure sector endured a 70% attack rate in 2023. Vulnerabilities in this sector often arise from exploited vulnerabilities, leading to widespread security gaps. Notable targets included Macmillan Publishers, Cox Media Group, and Sinclair Broadcast Group, disrupting operations and causing financial losses.
  5. Local and State Government – Local and state government organizations faced a 69% attack rate, resulting in significant disruptions to essential services. Suffolk County, N.Y., had to temporarily shut down systems due to a massive ransomware attack, compromising emergency services. The City of Dallas also suffered a ransomware attack, affecting various municipal functions.
  6. Retail – The retail sector is tied with local and state governments at a 69% attack rate. British retailer FatFace paid a hefty ransom to the Conti ransomware gang, and a supply chain attack on software provider Kaseya affected Swedish grocery store chain Coop.
  7. Energy and Utilities Infrastructure – Despite a slight decrease from previous years, ransomware attacks still plagued 67% of organizations in the oil, gas, and utilities sectors. The infamous DarkSide attack on Colonial Pipeline disrupted fuel supply along the U.S. East Coast. Cybercriminals’ focus on critical infrastructure underscores the potential for catastrophic damage.
  8. Distribution and Transport – Distribution and transport companies, historically attractive targets for ransomware attacks, reported that two out of three had recently fallen victim to such incidents. Danish shipping giant Maersk’s infamous NotPetya attack serves as a stark reminder of the sector’s vulnerability.
  9. Financial Services – The financial services sector saw its attack rate rise from 55% to 64% year-over-year, raising concerns about the potential for widespread financial instability. CNA Financial paid a substantial ransom after a ransomware attack, highlighting the sector’s susceptibility to significant losses.
  10. Business, Professional, and Legal Services – Professional and legal services, including law firms, consulting, and accounting, have become attractive targets for ransomware attacks. Outdated systems and the reliance on IT for critical operations make these organizations vulnerable. In the survey, three in five reported ransomware attacks.
  11. Healthcare – Although the healthcare sector experienced a decrease in attack rates from 66% to 60%, ransomware incidents continue to plague medical institutions. Notably, a ransomware attack on a German hospital led to a patient’s tragic death, highlighting the life-threatening consequences of these attacks.
  12. Manufacturing and Production – Over half of manufacturing companies reported recent ransomware attacks. Dole and JBS USA, major players in the food production industry, suffered significant disruptions, with JBS USA paying a substantial ransom to halt data exfiltration.
  13. IT, Technology, and Telecoms – Organizations in the IT, technology, and telecommunications sector had a lower attack rate of 50%, attributed to better cyber defenses and readiness. Acer, a Taiwan-based PC manufacturer, faced a massive ransom demand from the REvil gang. Additionally, Managed Service Providers (MSPs) like ITRMS have not been spared, emphasizing the wide-ranging reach of ransomware attacks.

Despite variations in attack rates, experts stress that no organization is immune to ransomware attacks. The key is not to avoid them entirely, as this may be impossible, but rather to prepare and survive them. The story of Wenatchee Valley College serves as a stark reminder that even smaller educational institutions can become targets, emphasizing the need for rigorous cybersecurity measures.

With certain sectors being more frequent ransomware targets, it’s essential to recognize that no organization is entirely immune. Cybersecurity experts emphasize the need for comprehensive protection and preparedness to mitigate the impact of these increasingly sophisticated attacks. As organizations across the globe face this ever-growing threat, the resilience to withstand ransomware attacks becomes paramount in an interconnected digital landscape. The fight against ransomware demands constant vigilance, robust security practices, and a collaborative effort across sectors. The evolving threat landscape underscores the importance of adapting and fortifying defenses to protect against these insidious attacks. At SpearTip, we will examine companies’ security posture to improve the weak points in their network. Our team engages companies’ people, processes, and technology to measure the maturity of the technical environments. For all vulnerabilities uncovered, our analysts and engineers provide technical roadmaps ensuring companies have the awareness and support to optimize their overall cybersecurity posture. Our gap analysis allows our engineers to discover blind spots in companies that can lead to significant compromises by comparing technology and internal personnel. We go beyond simple compliance frameworks and examine the day-to-day function of cyber within companies. This leads to critical recommendations by exposing vulnerabilities not only in software but also in their people and processes.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.


Connect With Us

Featured Articles

Cybersecurity Health Checks
Cybersecurity Health Checks: Why Companies Need Them
22 April 2024
New Loop DoS Attack
New Loop DoS Attack Affecting Linux Systems
19 April 2024
Possible Cyberattack
Possible Cyberattack During 2024 Summer Olympics
15 April 2024
Tabletop Exercises
Tabletop Exercises: Transformative Impact on Companies
12 April 2024

See ShadowSpear in Action

Identify, neutralize, and counter cyberattacks - provide confidence in your security posture

Stay Connected With SpearTip

Inside the SOC Newsletter

View our articles that cover trending topics in cybersecurity with insights from our 24/7/365 Security Operations Center.

ShadowSpear Platform

Cybersecurity actors are working around the clock, shouldn’t your security team be too? Technology solutions and security controls fail for a number of reasons, poor deployment, improper implementation, or just no one monitoring the alerts.

ShadowSpear Demo

Experience ShadowSpear for yourself. Our lightweight, integrated solution will help you sleep easier at night and provide immediate confidence in your security posture.