Getty Images

Publicly disclosed U.S. ransomware attacks in 2023

TechTarget Editorial's ransomware database collects public disclosures, notifications and confirmed reports of attacks against U.S. organizations each month.

Ransomware attacks continue to plague the U.S., and it's often difficult to gauge just how bad the problem is.

The lack of transparency and consistent reporting for ransomware attacks has hampered visibility into the threat, making it challenging to determine how many organizations have been victimized.

Since the beginning of 2022, TechTarget Editorial's security news team has researched and tracked public disclosures and reports of attacks against organizations in the U.S. each month in a ransomware database. The database compiles data breach notification letters from various state and federal government agencies as well as publicly confirmed reports of ransomware attacks.

The ransomware targets have ranged from municipal government services, public school systems, private universities, small businesses and large enterprises across the country. Last year, nearly 300 attacks against U.S. organizations were recorded in TechTarget Editorial's 2022 ransomware database, though the number of actual attacks was almost certainly higher.

Breach notification letters submitted to various state and federal agencies are often vague and provide little detail about the nature of the security incident in question. In addition, organizations sometimes avoid disclosing or confirming whether such incidents involved ransomware, even when the attacks contain tell-tale signs.

As such there are typically several breach notifications letters each month that describe security incidents indicative of a ransomware attack. But they do not explicitly state that one took place.

TechTarget Editorial's ransomware database includes notifications that either explicitly state that ransomware was involved or includes language that indicates systems and data were encrypted by malicious actors. In the absence of direct confirmations from victim organizations, TechTarget Editorial assesses corroborating information, such as third-party reports and claims from ransomware gangs to determine if a ransomware attack likely took place.

The database does not include attacks claimed by ransomware gangs without corroborating evidence, such as leaked data or a corresponding disclosure of a cyber attack from the purported victim organization. It also omits attacks by extortion groups that do not deploy actual ransomware and only steal and exfiltrate sensitive data.

While malware-less extortion attacks are becoming more common, this database lists attacks by known ransomware gangs. Some incidents may not involve malware deployment because threat activity was detected or blocked before the payload could be delivered.

Below are the ransomware attacks TechTarget Editorial has tracked for each month in 2023. The entries include the following data for each incident:

  • The name of the organization that was attacked
  • When the attack was first publicly disclosed, either through a notification letter or confirmed report
  • When the attack occurred
  • The victim's location/headquarters

In addition, TechTarget Editorial provides a recap of each month's ransomware activity in separate articles that examine some of the more notable attacks and emerging trends.

February 2023
Name of the victim organization Disclosure/report date Attack date Organization location
Regal Medical Group 2/1/2023 12/2/2022 Reseda, CA
Tallahassee Memorial HealthCare 2/3/2023 2/2/2023 Tallahassee, FL
Wayne County Police 2/3/2023 2/3/2022 Detroit, MI
Berkeley County Schools 2/6/2023 2/3/2023 Martinsburg, WV
MKS Instruments Inc. 2/6/2023 2/3/2023 Andover, MA
Mount Saint Mary College 2/9/2023 12/20/2022 Newburgh, NY
City of Oakland 2/9/2023 2/8/2023 Oakland, CA
City of Modesto 2/9/2023 2/3/2023 Modesto, CA
A10 Networks 2/10/2023 1/23/2023 San Jose, CA
The Donovan Company 2/14/2023 12/20/2022 Irvine, CA
Penhall Company 2/15/2023 12/28/2022 Irving, TX
Tom James Company 2/17/2023 8/20/2022 Franklin, TN
Dole Food Company 2/17/2023 2/10/2023 Westlake Village, CA
Minneapolis Public Schools 2/21/2023 2/20/2023 Minneapolis, MN
Lehigh Valley Health Network 2/22/2023 2/6/2023 Allentown, PA
Alvaria Inc. 2/22/2023 11/28/2022 Westford, MA
Encino Energy 2/24/2023 2/2023 Houston, TX
U.S. Marshals Service 2/27/2023 2/17/2023 Arlington, VA
Dish Network 2/28/2023 2/23/2023 Englewood, CO
New Enchantment Group, LLC 2/28/2023 10/4/2022 Scottsdale, AZ
January 2023
Name of the victim organization Disclosure/report date Attack date Organization location
The Housing Authority of the City of Los Angeles 1/2/2023 12/31/2022 Los Angeles, CA
Swansea Public School District 1/3/2023 1/3/2023 Swansea, MA
Maternal & Family Health Services 1/5/2023 4/2/2022 Wilkes-Barre, PA
Aus, Inc. 1/6/2022 11/28/2022 Mount Laurel, NJ
Integrity Financial Services Group, LLC 1/6/2022 11/23/2022 Portland, OR
San Francisco Bay Area Rapid Transit 1/8/2023 1/6/2022 San Francisco, CA
Lee Kennedy Co. Inc. 1/9/2023 12/2/2022 Quincy, MA
Des Moines Public Schools 1/9/2023 1/9/2023 Des Moines, IA
Calvary Albuquerque, Inc. 1/12/2023 3/10/2022 Albuquerque, NM
Circleville Municipal Court 1/12/2023 1/1/2023 Circleville, OH
Yum! Brands 1/18/2023 1/13/2023 Louisville, KY
Omega Morgan 1/18/2023 10/28/2022 Hillsboro, OR
Livingston Memorial VNA Health Corporation 1/20/2023 2/19/2022 Ventura, CA
Pattillo Construction Corporation 1/23/2023 11/25/2022 Atlanta, GA
Wawasee Community School Corporation  1/23/2023 1/20/2023 Syracuse, IN
Lutheran Social Services of Illinois 1/25/2023 1/27/2022 Des Plaines, IL
Stratford University 1/26/2023 8/27/2022 Alexandria, VA
St. Rose Hospital 1/27/2023 11/29/2022 Hayward, CA
Tucson Unified School District 1/30/2023 1/28/2023 Tucson, AZ
Atlantic General Hospital 1/31/2023 1/30/2023 Berlin, MD
Nantucket Public Schools 1/31/2023 1/31/2023 Nantucket, MA
This was last published in March 2023

Dig Deeper on Threats and vulnerabilities

Enterprise Desktop
Cloud Computing