Unlike past years, cybercriminals didn’t take a break over the winter holidays.
The number of victims posted on ransomware extortion sites rose more than 20% in December to 241 organizations — the highest monthly count since April, according to data collected by Recorded Future.
By comparison, the number of victims posted on these sites in December 2021 was about 30% lower than the previous month. Cybersecurity experts have long said that hackers — like anyone else — often go on vacation towards the end of the year.
“December was weird this year,” said Allan Liska, a Recorded Future ransomware expert who is involved in collecting data on these attacks from extortion sites, government agencies, news reports, hacking forums, and other sources. “We normally see a slowdown at the beginning of December but it picks up in the last couple of weeks as ransomware groups know everyone is heading out of town.”
What was different this year was that there was no slowdown at the beginning of the month — “the entire month of December was busy,” Liska said.
Although it’s unclear why hackers went full steam the entire month, one explanation is increased competition.
“There are just a lot more active groups right now than there have been all year,” Liska said. “Lots of groups vying for victims and trying to cash in as soon as possible.”
While the number of overall victims was up month-to-month, particularly vulnerable sectors seemed to have been spared: In December, there were fewer attacks on healthcare providers, state and local governments, and school districts than the previous month.