Ransomware Attacks Plunged 48 Percent In US Last Year: SonicWall

The newly released SonicWall Cyber Threat Report also showed a 21-percent decline in ransomware attack volume worldwide last year.


In a major reversal from prior years, the volume of ransomware attacks globally dropped by 21 percent in 2022, year-over-year, with a 48-percent decline in the U.S., SonicWall said in a new report Tuesday.

“It’s encouraging that we’re seeing a decrease” in ransomware attacks, SonicWall CEO Bob VanKirk said in an interview with CRN. At the same time, “the number of attacks still is staggering,” VanKirk said.

[Related: Ransomware Attacks, Payments Declined In 2022: Report]

Sponsored post

The 2023 SonicWall Cyber Threat Report showed the first year-over-year decline in ransomware volume in several years, and a reversal from the massive expansion of ransomware attacks seen in 2021.

While ransomware climbed steadily from 2019 to 2020, ransomware attacks more than doubled globally in 2021 — surging by 105 percent, according to SonicWall data. The 2021 attacks included a series of hugely disruptive incidents such the ransomware attacks against Colonial Pipeline and Kaseya.

In 2022, however, the decline in ransomware attack volume (shown in the SonicWall chart above) was accompanied by a notable lack of incidents that caused such high levels of disruption.

Meanwhile, ransomware attacks against organizations in the U.S. declined even more sharply than they did worldwide, though the country remained the biggest target for ransomware in 2022.

According to Proofpoint data released Tuesday, fewer organizations overall were hit with ransomware in 2022, as well. The findings show that 64 percent of organizations experienced ransomware infections in 2022, down from 68 percent in 2021 and 66 percent in 2020.

At the same time, SonicWall notes that 2022 was still the second-worst year ever for ransomware attack volume, behind only 2021. The worldwide ransomware attack volume in 2022 was “still far above the levels seen in 2017, 2018, 2019 or 2020,” the company said in its report. The company’s data is based on its global network of 1.2 million sensors, including firewalls and endpoints.

At managed services provider Edge Solutions Group, helping to lock down clients against ransomware attacks was a main theme of 2022 for the MSP following a ransomware incident at a client, said Michael Kamen, founder and CEO of the Santa Monica, Calif.-based company. “Our entire focus for last year was, we can never have this happen again,” Kamen said.

In all likelihood, there are enough other customers and security services providers that have gone through similar experiences that, at this point, a lot more organizations are well-protected against ransomware and better able to fend off attempted attacks, he said.

“It would only make sense that putting this tremendous amount of effort has to have some kind of a result,” Kamen said. “And I think that‘s what you’re seeing in [the ransomware numbers].”

A report from IBM X-Force released last week suggests that in 2022, threat detection tools caught more intrusions at early stages of the attack, prior to deployment of ransomware.

Pivot To Different Attacks

In terms of other factors behind the ransomware declines in 2022, the SonicWall report details a greater focus for some cybercriminals on data extortion and a shift away from ransomware.

More organizations have implemented “strong” backups and incident response plans, which has made encrypting files a less-effective tactic, according to the report. SonicWall pointed to the existence of extortion-only groups including Lapsus$ and Karakurt as further evidence of the trend.

SonicWall suggested in its report that threat actors may have switched gears from ransomware to other types of attacks as well in 2022. Cryptojacking attacks grew by 43 percent, year-over-year, while IoT malware surged by 87 percent, according to the report. Attackers are proving once again that “they will quickly pivot to where the opportunity is,” VanKirk said.

Multiple major disruptions to ransomware groups in 2022 — including those related to Russia’s invasion of Ukraine and law enforcement interventions — are other likely factors in the ransomware drop last year.

“2022 was another banner year for ransomware busts, as law enforcement in the U.S., U.K., Canada, Brazil and even Russia brought some of ransomware’s key players to justice,” SonicWall said in its report. A prominent example was Russia’s apparent dismantling of the REvil ransomware group, believed to have carried out the Kaseya attack, with the help of U.S. intelligence in January 2022.

Ultimately, “we applaud the efforts of law enforcement” in the cybercrime arena, VanKirk said. “I think the more we can continue to work public-private [collaborations] there, the better collectively we’ll be.”

Unfortunately, SonicWall’s report showed that the volume of ransomware attacks spiked in the fourth quarter of 2022. Not only was it the highest volume of attacks during the year, but it was actually a year-over-year increase from Q4 of 2021.

In 2023 so far, significant ransomware attacks have included the ESXiArgs campaign, which compromised thousands of VMware ESXi servers in Europe and North America in February by exploiting a two-year-old vulnerability.

Whether it’s with a rebound in ransomware, or with more attackers switching to other types of attacks, “I don’t see things slowing down” in terms of malicious cyber activity overall, VanKirk said.