SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
Encryption
#
Ransomware
New ransomware report reveals 80% victim increase in 2023
Thu, 25th Jan 2024
Author image
By Shannon Williams, Journalist
Follow us

On Thursday, January 25, 2024, GuidePoint Security, an industry leader in cybersecurity solutions, launched the GuidePoint Research and Intelligence Teams (GRIT) 2023 Annual Ransomware Report. The report investigates global ransomware trends, including mass exploitation campaigns, encryption, data extortion and other novel coercive tactics, based on publicly available data.

From its analysis, GRIT reported an 80% increase in victim posting YoY and found that victim volume had almost doubled, with 4,519 victims across 30 industries and 120 countries. There were 63 unique ransomware groups using encryption, data exfiltration and additional coercive techniques. "Comparing 2023 to 2022 ransomware activity, we saw an 80% YoY increase of victim posting," Drew Schmitt, Practice Lead of GRIT, explained. He attributed the rise to multiple mass exploitation campaigns and an influx of new entrants in the ransomware ecosystem due to lowered technical barriers, including the recycling of leaked ransomware builders and commodity malware. He also revealed the role of established groups with resources and technical expertise in this growth, stating that "exploitation of high-severity and zero-day vulnerabilities provided a reliable means of exploiting victims at scale".

The report also discusses major ransomware events from the past year, such as Clops' MOVEit campaign, Scattered Spiders' attacks on casinos and published decryptors effecting the ransomware operations of BianLian and Akira. The industries most affected were Manufacturing and Technology, with respective victim percentages of 12.9% and 7.9%. The USA was five times more impacted than the next highest country, Germany (265 vs 48 victims). The US also accounted for 49% of all reported ransomware attacks in 2023, alongside being the most heavily impacted country. Out of the top ten most affected nations, eight were in North America and Europe, with Brazil and Australia being the only exceptions. These ten countries were home to 76% of all victim organisations, of which 27% impacted non-US states.

Analysing the ransomware groups, the report found established groups responsible for the majority (85%) of victims. Following were developing groups (10%). The most notorious established groups – LockBit, Alphv, and Clop – accounted for the majority of victims and were responsible for much innovation and strategic changes in the ransomware ecosystem. Ephemeral and Emerging groups, whilst not as advanced as their established counterparts, continued to pose significant threats to organisations worldwide, due to the unpredictable nature of their actors and the frequent recycling of malware.

Drew Schmitt commented, "Last year, ransomware continued to increase in terms of impact, sophistication, and the number of participating actors, indicating that the ransomware ecosystem has not yet reached a point of market saturation." He went on to add that GuidePoint predicts an upward continuation of ransomware impacts into 2024 and beyond, until financial conflicts arise between ransomware groups or the space becomes less attractive due to law enforcement and regulatory pressures.

Related stories
Record ransomware attacks in March 2024, report finds
Smarttech247 & SentinelOne launch AI-powered cybersecurity for SMEs
GitHub's 2FA initiative helps secure software supply chain
Jason Haddix joins Flare as Field Chief Information Security Officer
High Performance Podcast duo to keynote Infosecurity Europe conference
Top stories
The messaging evolution and the fight against fraud
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity