Barracuda researchers identified and analysed 175 publicly reported ransomware attacks from the past 12 months, and found that in three key industries – municipalities, education, and healthcare – reported attacks have doubled since last year and more than quadrupled since 2021.

Researchers also saw a spike in the number of attacks on infrastructure-related industries.

Barracuda, a leading provider of cloud-first security solutions, published its fifth annual Threat Spotlight on ransomware. The new report looks at ransomware attack patterns that occurred between August 2022 and July 2023.

An in-depth look at ransomware trends
Barracuda researchers analysed 175 publicly reported successful ransomware attacks across the world between August 2022 and July 2023, and in the primary categories Barracuda has been tracking municipalities, healthcare and education the number of reported attacks have all doubled since last year and more than quadrupled since 2021.

While successful ransomware attacks targeting infrastructure-related industries are lower in volume compared to the top three sectors, these industries also experienced more than twice the number of attacks compared to last year.

Municipalities and education continue to be soft targets because they are resource constrained, and successful healthcare and infrastructure attacks have an immediate and potentially severe impact on human lives, which cybercriminals try to exploit to increase the likelihood of getting paid. In many countries, one or more of these sectors may be legally obligated to report cybersecurity incidents, which makes the impact more visible as well. 

The proportion of ransomware attacks increased year over year across all five focus industries except financial organizations. Attacks on municipalities increased from 12% to 21%; attacks on healthcare increased from 12% to 18%; attacks on education went up from 15% to 18%; and infrastructure went from 8% to 10%. In comparison, attacks on financial institutions dropped from 6% to 1%, perhaps a sign these organizations are getting better at protecting themselves.   

The analysis revealed similar patterns of escalation in other industries, particularly ransomware attacks on software businesses.

In the past 12 months, Barracuda's SOC-as-a-service team observed the following types of incidents: business email compromise (BEC), ransomware, malware infection, insider threat, identity theft, and data leakage. Ransomware accounted for 27.3% of incidents, second only to BEC (36.4%).

This year also, Barracuda researchers also took a closer look the impact of generative AI tactics on ransomware attacks, looking at ways cybercriminals can use these capabilities to strike faster and with better accuracy.

"The number of successful ransomware attacks continues to climb and shows no signs of slowing down," says Fleming Shi, Chief Technology Officer at Barracuda. 

"Recent advances in generative AI will only help ransomware gangs increase the rate of attack with more effective cyber weapons," says Shi. 

"That is why its essential for organisations to have tools in place to detect and prevent attacks, but also to be resilient and prepared to recover from an attack."