A recent report by cybersecurity firm JUMPSEC has highlighted a sharp increase in ransomware attacks around the world, with the UK experiencing a particularly alarming rise. According to the report, attacker-reported ransomware attacks in the UK have surged by 87% in the first half of 2023, while globally, the increase stands at 37%. These numbers come as a surprise, given that the growth of ransomware attacks seemed to be slowing down at the end of 2022. There were several theories for this slowdown, including victims refusing to pay, higher security spending, or threat actors shifting their focus to the Russia-Ukraine conflict.
However, the latest data suggests that 2023 will surpass previous years in terms of ransomware attacks. In July 2023 alone, JUMPSEC identified 436 attacks worldwide, which is a staggering 20% increase compared to the previous record high caused by the Log4j vulnerability in 2021. The report points to the mass exploitation of software vulnerabilities as a key contributing factor to the rise in ransomware attacks. Several vulnerabilities in widely used platforms such as Rackspace, Zimbra, and MOVEit have been exploited by attackers, leading to a significant increase in attacks.
JUMPSEC’s analysis also highlights the most prevalent ransomware variants in 2023. LockBit continues to dominate, but Cl0p ransomware, responsible for the MOVEit breach, has significantly increased its impact and could challenge LockBit’s position as the most prevalent ransomware. Another trend identified by JUMPSEC is the increased targeting of the financial services, insurance, and IT sectors. These areas have become lucrative targets for attackers who exfiltrate data and use it as leverage for extortion. Large UK-based companies, including Aon, Deloitte, and PwC, were targeted in the MOVEit attack, exemplifying the higher attack rates experienced by organizations in these sectors.
The proliferation of new ransomware variants is another explanation for the rising attack figures. JUMPSEC has observed a 20% increase in the number of ransomware groups in 2023 compared to the previous year. Successful groups are increasingly focusing on big game hunting, with BlackCat (ALPHV) and Cl0p being the most common ransomware groups targeting UK organizations that have £10 million in bank assets. These groups have replaced Karakurt as the most prevalent ransomware threat against large organizations.
The report also highlights the UK as one of the most targeted countries outside the US, with 20% of European ransomware attacks occurring there. While Russian-aligned hacktivist organizations may pose a threat in the form of DDoS attacks, their impact on UK businesses is likely to be limited. JUMPSEC researcher Sean Moran commented on the trend towards increased personalization of attacks, suggesting that victims may be less inclined to pay ransoms, leading attackers to exert greater pressure. However, reports of rising cryptocurrency profits by known ransomware threat actors indicate that their negotiation tactics have been effective.
To track global ransomware activity, JUMPSEC threat intelligence analysts employ a combination of manual investigation and automated bots. They scrape public-facing domains of ransomware threat actors and enrich the data by considering the geographic location, industry sector, size, and financial profile of each targeted organization.
In response to the growing threat, JUMPSEC has created a Ransomware Hub page where all ransomware updates can be found. This resource aims to provide valuable information to organizations looking to refine their response to cyber extortion and stay ahead of evolving attacker tactics.