Who is targeted by ransomware? 

Who is targeted by ransomware

Ransomware is now commonplace within many industries around the world. Over the past three years, especially during the pandemic, ransomware attacks have increased in many different sectors including government, healthcare, education, professional services, and manufacturing. 

According to the FBI’s Internet Crime Report 2021, America experienced an unprecedented increase in cyber-attacks and malicious cyber activity during 2021. These cyber-attacks compromised businesses in an extensive array of sectors as well as the American public. This trend extended right around the world.  

Who is targeted by ransomware? Private businesses, universities, and governments have spent hundreds of millions on ransomware attacks. Not only is it the cost of paying the ransom (which the FBI advises against), but extensive costs on cleaning up the aftermath – from rebuilding systems and networks to restoring backups and increasing cybersecurity measures. 

What’s more, the cost of downtime ransomware targets face after the attack is between five to ten times more than the ransom amount. The average downtime is now estimated to be at around 10 days with costs escalating year on year. With that in mind, let’s take a closer look at the industries impacted by ransomware. 

Top ransomware targets 

Ransomware attacks have tended to focus on government agencies and big businesses because they’re the ones who usually pay up. Ransomware targets are usually those with a weak cybersecurity infrastructure. However, attacks have evolved, and hackers are now targeting specific organisations to reach specific targets and assets.  

Some of the key industries becoming ransomware targets include: 


The FBI’s internet crime report outlined how there were at least 649 ransomware attacks on critical infrastructure healthcare organisations in the United States alone from June 2021 to December 2021. The United Kingdom’s National Health Service also revealed a significant increase in ransomware attacks which highlights only a small snippet of the threat globally. Healthcare bosses are now only too happy to deploy an array of methods, policies, and technologies to prevent ransomware attacks from bringing down their network or systems, and from leaking important data and sensitive information.  


Education is also one of the main ransomware targets. University College London, the University of Calgary, and Los Angeles Valley College are just a few educational facilities that have suffered at the hands of hackers.

The education sector presents an easy target to ransomware attackers for many reasons. Students are often easy targets and not really aware of ransomware attack methods. They can be targeted through malicious files or attachments, or by visiting websites that could prove damaging to educational networks or systems. The interconnected nature of university campuses, and the way the networks are configured, make way for malware infiltration points. Educational facilities also suffer from cost constraints surrounding their IT systems, which can cause lapses in security and creates a feeding ground for hackers.  

For instance, Howard University, one of America’s leading colleges, cancelled classes in September 2021 after it was hit by a ransomware attack. More than 11,000 undergraduate, graduate, and professional students are enrolled in the university and their sensitive data was put at risk. Howard worked with the FBI and city officials to rectify the damage and install extra safety measures to protect the university’s data. 


Cyber attackers targeted county and city governments across America with 79 recorded ransomware attacks in 2020, which impacted an estimated 71 million people. During the same timeframe, the average ransom demanded from governmental related organisations stood at US$570,857, with millions being paid out to hackers at the same time.  

Government entities right around the world continued to be threatened throughout 2021, which has seen a lot of rules, regulations and policies put in place to ensure government agencies and third-party vendors are protecting themselves and their supply chain against attack.  

Energy & utility 

The energy & utility industry is the lifeline of every economy around the world. Electricity powers our hospitals, traffic systems, and water treatment plants, whereas the oil producers keep our cars on the roads. With so much riding on the industry, hackers are targeting firms to infiltrate their systems, charging large sums to set them free and causing widespread damage at the same time. The three most important attacks of recent times include the Colonial Pipeline attack, the Volue ASA attack, and the infamous COPEL and Electrobras attack. All three caused many millions in damages and affected the ‘production’ line. 

Ransomware remediation strategies 

Here, RiskXchange has highlighted the top three ransomware remediation strategies to help fight ransomware attacks: 

  1. Strong patching cadence  

Ensure a strong patching cadence. Going “back to basics” is the best way to prevent ransomware attacks. Ensuring a robust cybersecurity hygiene model and strong, consistent performance is important when it comes to protecting your network against attack.   

  1. Identify misconfigured systems  

Ransomware targets and regularly exploits weak configuration management protocols, the misconfigured TLS/SSL configurations being the most notable. TLS/SSL certificate and configuration management have so far proven particularly challenging for security teams. Organisations tend to have hundreds, if not thousands of TLS/SSL certificates that identify each internet-connected device in their network. For security teams trying to pinpoint a TLS/SSL security misconfiguration is like looking for a needle in a haystack. RiskXchange, however, can scan for misconfigured TLS/SSL certificates alongside other vulnerabilities to help secure your network or system.   

  1. Continuously monitor your vendors’ security postures  

The key to mitigating third-party risk is through understanding your vendors’ security postures. However, vendor evaluation via security assessments and questionnaires doesn’t always paint a full picture and only records a moment-in-time view of risk instead of an overall accurate assessment. Continuously monitoring your vendors’ security posture is key to preventing an attack. 

Get in touch with RiskXchange to find out more about who is targeted by ransomware and how to fight against ransomware attacks.