Ransomware In 2023 Recap 5 Key Takeaways

This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim did not pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.

2023 was an explosive year for ransomware.

While some ransomware trends hardly changed over the last year, such as LockBit’s continued dominance, ransomware criminals also challenged our fundamental assumptions on how ransomware gangs work, such as by exploiting zero-day vulnerabilities. Through thec onsistenciess and evolutions over the last year, one fact remains clear: 2023 broke records with its total number of 4475 ransomware attacks, a 70% increase from 2022.

040f08118e5e60b19e7971358cb851584e235f27d7be94452cb528434ac4a5ea

Global ransomware attacks by month, 2022 vs 2023

17d97f8ea8a482a6699f431dd807b7c24522b0bd310f9818ba24384987bb4d0b

Global ransomware attacks, 2022 vs 2023

Additionally, LockBit was responsible for a 22% of all ransomware attacks in 2023, over half as much as the next top five gangs combined. Together, the top 10 ransomware gangs were responsible for 70% of all ransomware attacks.

c6978fe1c9739975a4dc7cd3766af8f2e541c1694374d58cf4872f4a962d7ea1

Top 10 ransomware gangs in 2023

Breaking 2023 ransomware attacks by sector reveals that 23% of all attacks were directed against the Services sector. Together, the top 10 sectors accounted for 80% of all ransomware attacks.

e2015e9e969688080433a130ad4b7dbf11d8d0f1b42191cd702e54e611da4269

Top 10 industries attacked 2023

The USA was by far the most attacked country in 2023, with a whopping 45% of all ransomware attacks targeting the country.

70ceec94715bf7ea103fca21e6ced3799e99e8bd0f5ea20c15664b5d819c8e0d

Top 10 countries attacked 2023

Additionally, we’ve sifted through the backlog of our 2023 ransomware reviews to find the most important stories and trends from the last year. Here are five key takeaways from the ransomware world in 2023.

1. LockBit was… LockBit

LockBit remained the most prolific ransomware gang throughout 2023, responsible for several high-profile attacks (such as against Taiwanese chipmaker TSMC). As well, LockBit also unveiled a new variant, LockBit Green, and showed signs of expanding into macOS territory.  

2. Law enforcement worked overtime

Despite 2023 being the worst ransomware year on record, law enforcement notched notable successes in taking down big-name groups, including the FBI’s shutdown of the Hive ransomware group and the seizure of ALPHV’s infrastructure.

3. Gangs seized the day with zero-days

Ransomware gangs, including Cl0p and ALPHV, aggressively exploited zero-day vulnerabilities (e.g., in GoAnywhere MFT, MOVEit Transfer, and Citrix appliances) to launch attacks on a unprecedented scale.

4. Big blows dealt to critical infrastructure

Critical infrastructure (as defined by CISA) took a beating in 2023, with sectors such as logistics, manufacturing, healthcare, and education accounting for almost 30% of all ransomware attacks in 2023. Education alone (a subsector of the Government Facilities sector) experienced a 70% surge in attacks in the past year, increasing from 129 incidents in 2022 to 265 in 2023.

5. New tactics and rebrandings emerged

Besides an increased focus on exploiting zero-days, ransomware gangs introduced other new tactics in 2023 such as CL0P’s use of torrents for distributing stolen data and innovative social engineering techniques by groups like Scattered Spider. We also saw notable rebrands (i.e Vice Society to Rhysida) and shifts in focus from encryption to purely data theft and extortion.

Looking ahead

2023 was a whirlwind year for ransomware: Attacks spiked by 70%, law enforcement landed key victories, gangs pivoted to exploiting zero-day vulnerabilities, and much more.

Going into 2024 it’s safe to say that the threat of ransomware looms large for all organizations—especially those with shrinking security budgets and overtaxed IT teams, organizations located in the US, critical infrastructure sectors like education.

Fighting off ransomware gangs requires a layered security strategy. Technologies such as Endpoint Protection (EP) and Vulnerability and Patch Management (VPM), for example, are vital first defenses to reduce the attack surface breach likelihood.

The key point, though, is to assume that motivated gangs will eventually breach any defenses. Endpoint Detection and Response (EDR) is crucial for finding and removing threats before damage occurs. And for the ultimate assurance of uptime —choose an EDR solution with ransomware rollback to undo changes and restore files so that productivity continues.

How ThreatDown Addresses Ransomware

ThreatDown Bundles take a comprehensive approach to ransomware. Our integrated solutions combine EP, VPM, and EDR technologies, tailored to your organization’s specific needs, including:

6c54652982c587179dc58332ad72b86e2279636a636295a3ed9d605758e47018

ThreatDown EDR detecting LockBit ransomware

ransomware 1

ThreatDown automatically quarantining LockBit ransomware

For resource-constrained organizations, select ThreatDown bundles offer Managed Detection and Response (MDR) services, providing expert monitoring and swift threat response to ransomware attacks—without the need for large in-house cybersecurity teams.

Experience ThreatDown Bundles


Original Source

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

To keep up to date follow us on the below channels.