Ransomware attacks surged by 45% in 2023, report finds
Ransomware attacks have increased by 45% year-on-year in 2023, rising to 4,667 cases – an increase of 84% compared to 2022. This data was presented by NCC Group's Threat Intelligence team. Key players causing this escalation are newcomers such as Hunters, assumed to be a rebrand of Hive, and DragonForce. The most prolific actor, however, remained LockBit, whose activities accounted for 82 cases.
A downslope was noted in December 2023, with a monthly fall of 12% in ransomware attacks, totalling 391 cases. However, this decrease does not overshadow the sharp overall rise for the year. The cumulative attacks for 2023 exceeded initial predictions by NCC Group, which estimated a maximum of 4,000 cases.
The list of top 10 active groups experienced a shake-up in December 2023. Alongside usual suspects, three new groups appeared: Hunters, locking down 22 cases and considered a possible rebrand of the dismantled Hive; DragonForce with 21 cases; and at 10th place, rumoured LockBit affiliate, WereWolves. At the top of the ranking remained LockBit, accounting for 82 cases, followed by Cactus, Play, and BlackCat - responsible for 29 and 28 cases each, respectively.
While North America and Europe remain the most targeted regions, constituting 80% of all ransomware attacks in December, it's worth pointing out that North America experienced a reduction in cases with 199 attacks compared to 219 the previous month. Europe saw a 29% decrease with 114 attacks. Cases in Asia also decreased by 20% with 37 attacks. However, an uptick was observed both in South America, with an increase of 19%, and Russia, which noted 12 cases.
The healthcare sector, once amongst the top three targets, has now slipped in the rankings but continues to be viewed as frequently at risk due to the high volume of attacks over the past three months. In December, the most targeted sectors were the Industrial, with 114 cases (29% of total), followed by Consumer Cyclicals, with 64 attacks (16%), and Technology, with 47 occurrences (12%).
Further insights derived from the analysis reflected an increase in the activity of malware families in December. Specifically, Hydra mobile malware and Qakbot made a significant comeback after a hiatus following an infrastructure takedown in August. The reappearance of the infostealer Meduza Stealer was also worth noting; it offered cybercriminals sophisticated techniques such as account commandeering, online-banking theft, and financial fraud.
Commenting on the findings, Matt Hull, Global Head of Threat Intelligence at NCC Group, stated, "Although December saw a slight dip in ransomware levels down from the November statistics, the overall increase from December 2022 is a reminder of the growing cyber threat landscape and the importance of adopting the appropriate preventative measures to mitigate the risk of complex attacks." He further emphasized that the rise in cyber-criminal activity mirrored the development of sophisticated attack methods, leading to successful grave incursions into sectors like healthcare and the compromise of vast volumes of data.