JUMPSEC's latest report reveals ransomware attacks are rising, with the UK being the most targeted country outside the US.
According to JUMPSEC's report, attacker-reported ransomware attacks increased 87% in the UK and 37% globally in the first half of 2023. This follows reports of ransomware growth slowing at the end of 2022. Victims refusing to pay, higher security spending, or threat actors focusing on Russia-Ukraine were all theories for the slowdown.
JUMPSEC now expects 2023 to be the most prolific year for ransomware, surpassing the previous highs of 2021. JUMPSEC identified 436 attacks worldwide in July 2023, 20% higher than the previous all-time high caused by Log4j in 2021.
JUMPSEC's research suggests that the mass exploitation of software vulnerabilities is perhaps the most clear-cut contributing factor to the rise of ransomware attacks in 2023. Several vulnerabilities discovered in widely used platforms have contributed to rising attack figures (Rackspace, Zimbra and most notably the MOVEit).
Analysis shows that Lockbit is still the most prevalent ransomware variant in 2023. However, Cl0p ransomware, who claim the MOVEit breach, have increased their impact significantly and could be on course to challenge Lockbit as the most prevalent ransomware.
Another 2023 trend reported by JUMPSEC is the increased exploitation of the financial services, insurance and IT sectors globally and within the UK.
With organisations increasingly opting only to exfiltrate data as leverage for extortion, these sectors are becoming increasingly lucrative targets. Large UK-based companies such as Aon, Deloitte and PWC were all targeted in the MOVEit attack and represent the types of organisations that have experienced higher attack rates.
Another explanation for rising attack figures is the proliferation of more ransomware variants, as JUMPSEC monitored 20% more ransomware groups in 2023 than in 2022.
According to the analysis, successful groups continue to prioritise big game hunting. In 2023, BlackCat (ALPHV) and CL0P are the most common ransomware groups targeting UK organisations with POUND £10 million in bank assets, replacing Karakurt as the most common ransomware against large organisations.
The UK is the most targeted country outside the US, and 20% of European ransomware attacks occur there. While Russian-aligned hacktivist organisations threaten DDoS assaults against the UK, theoretically making UK businesses more susceptible, such attention-grabbing hacktivism is unlikely to have a significant impact.
Sean Moran, Researcher at JUMPSEC, says: "We have observed a trend towards the increased personalisation of attacks, which could indicate victims have become less inclined to pay ransoms, causing attackers to exert greater pressure."
"Unfortunately, recent reports of rising cryptocurrency profits by known ransomware threat actors suggests that attacker negotiation tactics have been effective."
"Organisations must continually refine their response to cyber extortion as attackers develop new strategies around mass exploitation of software vulnerabilities and data exfiltration, becoming increasingly personal by targeting individuals and senior leadership within victim organisations," says Moran.
JUMPSEC threat intelligence analysts track global ransomware activity using a mixture of manual investigation and automated bots to search or 'scrape' the public-facing domains of ransomware threat actors. The raw data is then enriched by investigating each targeted organisation's geographic location, industry sector, size, and financial profile.