Privacy Ninja

FBI: Ransomware Hit 649 Critical Infrastructure Orgs in 2021

FBI: Ransomware Hit 649 Critical Infrastructure Orgs in 2021

The Federal Bureau of Investigation (FBI) says ransomware gangs have breached the networks of at least 649 organizations from multiple US critical infrastructure sectors last year, according to the Internet Crime Complaint Center (IC3) 2021 Internet Crime Report.

However, the actual number is likely higher given that the FBI only started tracking reported ransomware incidents in which the victim a critical infrastructure sector organization in June 2021.

Also, the FBI did not include attacks in its statistics if the victims did not file a complaint with the FBI’s Internet Crime Complaint Center (IC3).

“The IC3 received 649 complaints that indicated organizations belonging to a critical infrastructure sector were victims of a ransomware attack,” the FBI said [PDF].

Also Read: PDPA Compliance for HR Managers in Singapore: A Must

“Of the 16 critical infrastructure sectors, IC3 reporting indicated 14 sectors had at least 1 member that fell victim to a ransomware attack in 2021.”

Throughout last year, the FBI issued multiple advisories, Private Industry Notifications (PINs), and flash alerts warning of ransomware targeting critical infrastructure, including U.S. Water and Wastewater Systems, the Food and Agriculture sectorU.S. Healthcare and First Responder networks, and education institutions.

Since December, the FBI also revealed that the Ragnar Locker ransomware gang breached the networks of at least 52 critical orgsCuba ransomware compromised at least 49 U.S. critical infrastructure entities, while the BlackByte ransomware gang hit at least three others.

Critical infrastructure ransomware hits
Image: FBI

Top gangs behind attacks against U.S. critical infrastructure

The top three ransomware gangs that breached critical infrastructure orgs’ networks, based on the number of attacks, were CONTI (with 87 victims), LockBit (with 58), and REvil/Sodinokibi (with 51).

Also Read: 5 Workplace Tips: Protecting Information on Mobile Devices

These groups’ operators hit some sectors more than others, with CONTI most frequently attacking the Critical Manufacturing, Commercial Facilities, and Food and Agriculture sectors.

On the other hand, LockBit ransomware was more often used against Government Facilities, Healthcare and Public Health, and Financial Services sectors. 

At the same time, REvil/Sodinokibi mainly targeted Financial Services, Information Technology, and Healthcare and Public Health sectors.

Top ransomware critical infrastructure
Image: FBI

The FBI said it doesn’t encourage paying ransoms since victims have no guarantee that this will prevent future attacks or leaks of stolen data.

Instead, paying ransoms will further motivate the ransomware gangs to target even more victims and incentivize other cybercrime groups to join in and launch ransomware attacks.

Victims are urged to report ransomware incidents to their local FBI field office or the IC3. This will provide the investigators with critical info to track ransomware groups, hold them accountable, and prevent other attacks.

As part of IC3’s 2021 Internet Crime Report, the FBI added that it “anticipates an increase in critical infrastructure victimization in 2022.”

“The 2021 Internet Crime Report includes information from 847,376 complaints of suspected internet crime—a 7% increase from 2020—and reported losses exceeding $6.9 billion,” the FBI added.

“The top three cyber crimes reported by victims in 2021 were phishing scams, non-payment/non-delivery scams, and personal data breach.”



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us