Ransomware In 2023 Recap 5 Key Takeaways

This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim did not pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.

2023 was an explosive year for ransomware.

While some ransomware trends hardly changed over the last year, such as LockBit’s continued dominance, ransomware criminals also challenged our fundamental assumptions on how ransomware gangs work, such as by exploiting zero-day vulnerabilities. Through thec onsistenciess and evolutions over the last year, one fact remains clear: 2023 broke records with its total number of 4475 ransomware attacks, a 70% increase from 2022.

d854cc6f48e2aca06311c84edd8db72565ade0d8474d1604e5cc00cef61b0ff5

Global ransomware attacks by month, 2022 vs 2023

a72f13d31abee0024cce959dde167f3f8e43b1f6915be4453b9deb520922ef95

Global ransomware attacks, 2022 vs 2023

Additionally, LockBit was responsible for a 22% of all ransomware attacks in 2023, over half as much as the next top five gangs combined. Together, the top 10 ransomware gangs were responsible for 70% of all ransomware attacks.

d933902a2f7857f64212b329451208d929c4ea9f6b565a2b3c0767eacfb2a699

Top 10 ransomware gangs in 2023

Breaking 2023 ransomware attacks by sector reveals that 23% of all attacks were directed against the Services sector. Together, the top 10 sectors accounted for 80% of all ransomware attacks.

a0c1f8a1ccc01445c266668a9c0b9e6010f5dec46606ed47b8217e8fea430ac1

Top 10 industries attacked 2023

The USA was by far the most attacked country in 2023, with a whopping 45% of all ransomware attacks targeting the country.

db2a360f8afe0ae77080ed6c61e6a15476dfe5f6b28fea6705e18e0772150c1c

Top 10 countries attacked 2023

Additionally, we’ve sifted through the backlog of our 2023 ransomware reviews to find the most important stories and trends from the last year. Here are five key takeaways from the ransomware world in 2023.

1. LockBit was… LockBit

LockBit remained the most prolific ransomware gang throughout 2023, responsible for several high-profile attacks (such as against Taiwanese chipmaker TSMC). As well, LockBit also unveiled a new variant, LockBit Green, and showed signs of expanding into macOS territory.  

2. Law enforcement worked overtime

Despite 2023 being the worst ransomware year on record, law enforcement notched notable successes in taking down big-name groups, including the FBI’s shutdown of the Hive ransomware group and the seizure of ALPHV’s infrastructure.

3. Gangs seized the day with zero-days

Ransomware gangs, including Cl0p and ALPHV, aggressively exploited zero-day vulnerabilities (e.g., in GoAnywhere MFT, MOVEit Transfer, and Citrix appliances) to launch attacks on a unprecedented scale.

4. Big blows dealt to critical infrastructure

Critical infrastructure (as defined by CISA) took a beating in 2023, with sectors such as logistics, manufacturing, healthcare, and education accounting for almost 30% of all ransomware attacks in 2023. Education alone (a subsector of the Government Facilities sector) experienced a 70% surge in attacks in the past year, increasing from 129 incidents in 2022 to 265 in 2023.

5. New tactics and rebrandings emerged

Besides an increased focus on exploiting zero-days, ransomware gangs introduced other new tactics in 2023 such as CL0P’s use of torrents for distributing stolen data and innovative social engineering techniques by groups like Scattered Spider. We also saw notable rebrands (i.e Vice Society to Rhysida) and shifts in focus from encryption to purely data theft and extortion.

Looking ahead

2023 was a whirlwind year for ransomware: Attacks spiked by 70%, law enforcement landed key victories, gangs pivoted to exploiting zero-day vulnerabilities, and much more.

Going into 2024 it’s safe to say that the threat of ransomware looms large for all organizations—especially those with shrinking security budgets and overtaxed IT teams, organizations located in the US, critical infrastructure sectors like education.

Fighting off ransomware gangs requires a layered security strategy. Technologies such as Endpoint Protection (EP) and Vulnerability and Patch Management (VPM), for example, are vital first defenses to reduce the attack surface breach likelihood.

The key point, though, is to assume that motivated gangs will eventually breach any defenses. Endpoint Detection and Response (EDR) is crucial for finding and removing threats before damage occurs. And for the ultimate assurance of uptime —choose an EDR solution with ransomware rollback to undo changes and restore files so that productivity continues.

How ThreatDown Addresses Ransomware

ThreatDown Bundles take a comprehensive approach to ransomware. Our integrated solutions combine EP, VPM, and EDR technologies, tailored to your organization’s specific needs, including:

412fe108619acc4ac18f478a00e9afec6a3e953a7343f0884e9560de3fe8de16

ThreatDown EDR detecting LockBit ransomware

ransomware 1

ThreatDown automatically quarantining LockBit ransomware

For resource-constrained organizations, select ThreatDown bundles offer Managed Detection and Response (MDR) services, providing expert monitoring and swift threat response to ransomware attacks—without the need for large in-house cybersecurity teams.

Experience ThreatDown Bundles


Original Source

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

To keep up to date follow us on the below channels.