Over 4,000 confirmed ransomware incidents in 2021, task force says

The number of reported attacks against local governments and schools is down in 2022, but the overall threat is not slowing down, the Ransomware Task Force said.
(Getty Images)

A report published Wednesday by the Institute for Security and Technology’s Ransomware Task Force says that its data sources counted more than 4,000 documented attacks last year involving varieties of extortion malware, targeting organizations across every sector in 109 countries.

The data comes a few weeks after the one-year anniversary of the task force, a group of more than 60 public-sector and industry experts who last year drafted a book of recommendations for the U.S. government to take against what they called a rising global threat.

The incidents the Ransomware Task Force includes in its latest publication include attacks traced to more than 60 different criminal outfits. And while the attacks span geography and industry, nearly half affected victims in the United States, and 70% targeted organizations with fewer than 500 employees.

Those figures could also be a preview of more agony to come.


“We expect the scale and scope will increase,” said Megan Stifel, a co-chair of the Ransomware Task Force. “This information is proving that point. We still think this picture is incomplete. A lot more needs to be done.”

The task force said in May that several of its initial recommendations have since been adopted by the U.S. government, including a new law that will require critical-infrastructure operators to report ransomware attacks, and stepped-up efforts by the Treasury Department to disrupt ransomware actors’ financial channels.

But the report published Wednesday also offers a cloudy picture of the ongoing ransomware threat against the U.S. local government, education and health sectors, with the number of incidents reported in 2022 down significantly from a year ago. As of the report’s publication, there were 64 publicly disclosed attacks against municipalities, schools and hospitals this year, compared with nearly 200 at this point in 2021.

The Ransomware Task Force suggests a handful of possible reasons, including certain ransomware families stopping their operations, the war in Ukraine or more victims paying ransoms.

“I think it’s an open question,” Stifel told StateScoop. “There is no consensus on whether actual attacks are down. We need to press forward on other factors.”


A few state governments have implemented anti-ransomware measures of their own, notably North Carolina, which earlier this year became the first to outlaw public-sector entities from paying hackers’ demands. The Ransomware Task Force’s policy suggestions have also included the creation of a pool of money to help local-government victims recover from incidents.

“Not to pay the ransom but to recuperate and recover,” she said. “That’s a piece that could also be relevant and helpful here.”

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.

Latest Podcasts