Ransomware In 2023 Recap 5 Key Takeaways

This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim did not pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.

2023 was an explosive year for ransomware.

While some ransomware trends hardly changed over the last year, such as LockBit’s continued dominance, ransomware criminals also challenged our fundamental assumptions on how ransomware gangs work, such as by exploiting zero-day vulnerabilities. Through thec onsistenciess and evolutions over the last year, one fact remains clear: 2023 broke records with its total number of 4475 ransomware attacks, a 70% increase from 2022.

84e04046d1a3bd1c2dd96676dc8795b280a8f8d2d575212233284c7efac69fce

Global ransomware attacks by month, 2022 vs 2023

66c5e147627f58c3926dd5ab7b0d64b95caf9f74a677457e5585b5288febca87

Global ransomware attacks, 2022 vs 2023

Additionally, LockBit was responsible for a 22% of all ransomware attacks in 2023, over half as much as the next top five gangs combined. Together, the top 10 ransomware gangs were responsible for 70% of all ransomware attacks.

787ed36d06735de03872e52339992330951bfb9ff53b01836a586a169d546ed9

Top 10 ransomware gangs in 2023

Breaking 2023 ransomware attacks by sector reveals that 23% of all attacks were directed against the Services sector. Together, the top 10 sectors accounted for 80% of all ransomware attacks.

778a4d42a6f2e7fded96e2ae8d7ca98c163c94420a42bd67fd33bcce667334fc

Top 10 industries attacked 2023

The USA was by far the most attacked country in 2023, with a whopping 45% of all ransomware attacks targeting the country.

3ffbd3d31934672c834f9acba0d926cfce28943be066e95ed379b01cfcb2cf87

Top 10 countries attacked 2023

Additionally, we’ve sifted through the backlog of our 2023 ransomware reviews to find the most important stories and trends from the last year. Here are five key takeaways from the ransomware world in 2023.

1. LockBit was… LockBit

LockBit remained the most prolific ransomware gang throughout 2023, responsible for several high-profile attacks (such as against Taiwanese chipmaker TSMC). As well, LockBit also unveiled a new variant, LockBit Green, and showed signs of expanding into macOS territory.  

2. Law enforcement worked overtime

Despite 2023 being the worst ransomware year on record, law enforcement notched notable successes in taking down big-name groups, including the FBI’s shutdown of the Hive ransomware group and the seizure of ALPHV’s infrastructure.

3. Gangs seized the day with zero-days

Ransomware gangs, including Cl0p and ALPHV, aggressively exploited zero-day vulnerabilities (e.g., in GoAnywhere MFT, MOVEit Transfer, and Citrix appliances) to launch attacks on a unprecedented scale.

4. Big blows dealt to critical infrastructure

Critical infrastructure (as defined by CISA) took a beating in 2023, with sectors such as logistics, manufacturing, healthcare, and education accounting for almost 30% of all ransomware attacks in 2023. Education alone (a subsector of the Government Facilities sector) experienced a 70% surge in attacks in the past year, increasing from 129 incidents in 2022 to 265 in 2023.

5. New tactics and rebrandings emerged

Besides an increased focus on exploiting zero-days, ransomware gangs introduced other new tactics in 2023 such as CL0P’s use of torrents for distributing stolen data and innovative social engineering techniques by groups like Scattered Spider. We also saw notable rebrands (i.e Vice Society to Rhysida) and shifts in focus from encryption to purely data theft and extortion.

Looking ahead

2023 was a whirlwind year for ransomware: Attacks spiked by 70%, law enforcement landed key victories, gangs pivoted to exploiting zero-day vulnerabilities, and much more.

Going into 2024 it’s safe to say that the threat of ransomware looms large for all organizations—especially those with shrinking security budgets and overtaxed IT teams, organizations located in the US, critical infrastructure sectors like education.

Fighting off ransomware gangs requires a layered security strategy. Technologies such as Endpoint Protection (EP) and Vulnerability and Patch Management (VPM), for example, are vital first defenses to reduce the attack surface breach likelihood.

The key point, though, is to assume that motivated gangs will eventually breach any defenses. Endpoint Detection and Response (EDR) is crucial for finding and removing threats before damage occurs. And for the ultimate assurance of uptime —choose an EDR solution with ransomware rollback to undo changes and restore files so that productivity continues.

How ThreatDown Addresses Ransomware

ThreatDown Bundles take a comprehensive approach to ransomware. Our integrated solutions combine EP, VPM, and EDR technologies, tailored to your organization’s specific needs, including:

03627357927f7a0706a9f451cab1b7d6b7f3523595068639730315e6f1f00b12

ThreatDown EDR detecting LockBit ransomware

ransomware 1

ThreatDown automatically quarantining LockBit ransomware

For resource-constrained organizations, select ThreatDown bundles offer Managed Detection and Response (MDR) services, providing expert monitoring and swift threat response to ransomware attacks—without the need for large in-house cybersecurity teams.

Experience ThreatDown Bundles


Original Source

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

To keep up to date follow us on the below channels.