The pair of ransomware attacks were a “wake-up call” because it underscored that ransomware isn’t just a business problem, but a national security problem that can affect many people, Leroy Terrelonge, VP and cyber risk senior analyst at Moody’s Investors Service, said Thursday during a virtual Moody’s event.
This more concerted effort to reduce financial exposure to cyberattacks in the U.S. hasn’t decreased the number of incidents, but it has lessened the share of global ransomware attacks hitting U.S. organizations.
The global share of ransomware attacks in the U.S. fell from 65% in 2020 to 46% in 2022, according to research from RMS, a Moody’s company.
Ransomware gangs still target U.S.-based organizations more than any other, but the scale of that distinction is plunging. Other regions, especially Europe and the Asia-Pacific region, are feeling more pain as ransomware gangs shift attention outside the U.S., according to Moody’s.
“The U.S. government has not been making it easy at all for ransomware gangs,” Terrelonge said. International collaboration between law enforcement has resulted in sanctions, cryptocurrency seizures and the arrest and extradition of some ransomware actors to face charges in the U.S.
A coordinated response from U.S. government officials is demonstrably reducing exposure to U.S.-based credit issuers, but the knock-on effect is that it’s increasing risk in other countries, Terrelonge said.
A series of high-profile ransomware attacks in Australia, including the late September attack on Optus, the country’s second-largest wireless carrier, signifies the extent to which ransomware activities are migrating.
“We’ll continue to see that as ransomware actors are shifting their operations around the globe,” Terrelonge said.
“We’re seeing a concerted effort to tackle these cyberattacks and there’s going to be a little bit of turbulence as we see the effect of these attacks,” he said. “But I think over time we’re going to see that things will get better as they’re able to tune the measures against ransomware attacks.”