Ransomware Attacks in United States Likely to Increase

The U.S. Department of Homeland Security’s Office of Intelligence and Analysis assess that ransomware attacks targeting US networks are likely to increase in the near and long term because cybercriminals have developed effective business models to increase their financial gain, likelihood for operational success, and anonymity. Growing demand for ransomware-as-a-service (RaaS) and the use of initial access brokers (IAB) probably have helped cybercriminals reduce overhead costs and deepen their technical expertise. We assume global environmental factors also serve to sustain these operations, including broadly available vulnerabilities in networks, cybercriminals operating in permissive environments, and the ability for financially driven actors to act with at least some anonymity, including through the use of cryptocurrency.