Throughout 2023, a year marked by a significant surge in ransomware attacks, perpetrators managed to reach 4,368 victims globally, marking a historic high with an increase of 55.5%. This is according to a report from Cyberint, an actionable intelligence solution that monitors the deep, dark, and open web in real time to track cyber criminal activities.
The report threw a spotlight on key findings, such as the MOVEit campaign being the most successful of the year and highlighting the fallout of supply chain attacks. LockBit3.0 was named the most active ransomware group. They were followed by ALPHV and Cl0p. Notably, 64% of cyber-attacks honed in on the United States, marking it as the primary target. It also noted the rise of newcomers like Akira, 8Base, and Play. The report holds a somewhat intimidating forecast for 2024, foreseeing both old and new ransomware groups prospering despite law enforcement attempts to dismantle them.
2023 gave rise to a total of 4,368 ransomware victims, a surge of 55.5% from the previous year. Key players like LockBit3.0 recorded 1,047 victims, ALPHV had 445 victims, and Clop had 384 victims. Emerging groups were also noted, such as 8Base, which attacked 281 organisations, Play, launching 304 attacks, BianLian with 281 victims, and Akira with 174 victims. These contributed to the upsurge of ransomware attacks.
The MOVEit campaign took centre stage as the most impactful, reflecting the severe implications of supply chain attacks. This underscores the need for robust supply chain security procedures. The United States bore the brunt, with 64% of all ransomware cases. Within industries, business services took the lead with 1,265 documented cases, followed by retail and manufacturing. The final quarter of 2023 saw 1,154 global ransomware incidents.
If we take a deeper look at the geography, the most targeted countries included the USA, with 2,175 attacks, the UK with 286 attacks, Canada with 198, Germany with 158, France with 140, and Italy with 134.
As law enforcement attempts to tackle the ransomware industry, it shows relentless growth, inflicting considerable damage on worldwide organisations. The upcoming 2024 year is projected to be more challenging, with old-guard groups and newcomers like Akira, Play, and 8Base slated to play dominant roles.
Yochai Corem, CEO of Cyberint, emphasised that 2023 marked a crucial period for ransomware, witnessing unprecedented disruption from supply chain attacks and a significant increase of over 50% in ransomware incidents. Corem stressed the need for businesses to proactively address this rising threat by adopting comprehensive and innovative intelligence-based solutions. He advocated for a holistic approach to reduce the risk associated with ransomware and enhance the capability to combat these evolving threats effectively.
Yochai Corem, CEO of Cyberint, said, "2023 has been a defining year for the ransomware landscape, with supply chain attacks causing unprecedented disruption and ransomware incidents rising by more than 50%. To meet the predicted rise in ransomware threats, more proactive, accurate and comprehensive solutions are needed. Businesses must adopt holistic approaches based on innovative intelligence to reduce risk and fight ransomware threats."