Corvus Insurance has revealed some alarming statistics in its “Q4 Ransomware Report,” highlighting the significant increase in ransomware activity in 2023. The report pointed out a 69% rise in ransomware incidents compared to the previous year, indicating a record-breaking year for this widespread cybersecurity threat.
The insurance company gathered and analyzed data from ransomware leak sites to compile the report, which does not include victims that paid the ransom and were subsequently removed from the leak sites. According to the report, the total number of leak site victims skyrocketed from 2,670 in 2022 to 4,496 in 2023. When combining this data with the estimated number of victims that paid ransoms, the total number of affected organizations surged to between 6,100 and 7,600 in 2023.
One of the significant contributors to the spike in attacks was the increasing exploitation of vulnerabilities in organizations’ security systems. With threat actors exhibiting rapid exploitation times, many organizations struggled to keep pace with the influx of critical vulnerabilities.
The notorious Clop ransomware gang, for instance, exploited a zero-day vulnerability in Progress Software’s MoveIt Transfer managed file transfer (MFT) product, impacting over 2,000 organizations. Corvus also detected an increase in active ransomware groups throughout the year, with the number rising from 35 groups to 47 between the first and fourth quarter of 2023.
Furthermore, the report highlighted several law enforcement efforts that aimed to disrupt ransomware groups. An international operation in August 2023 dismantled Qakbot, a malware used to deploy dangerous ransomware, and temporarily disrupted the BlackCat/Alphv ransomware group in December. Despite these law enforcement actions, many ransomware groups quickly adapted and continued their operations.
The report also featured a case study involving a wholesale distributor in the U.S. that fell victim to a ransomware attack. The company engaged a ransom negotiator, forensics team, and the FBI to address the incident. The FBI provided a decryptor, and with the immediate action, sensitive information was prevented from being posted to the dark web.
Corvus highlighted the need for businesses to enhance their cybersecurity measures and prepare for the continuing surge in ransomware attacks. This warning is significant, especially as attacks against law practices are on the rise, demonstrating that no sector is immune to this threat.
Corvus’s report serves as a stark reminder of the urgent need for organizations to bolster their security measures and resilience to combat the ever-evolving ransomware threat. With the increasing number of ransomware incidents and the resilient nature of threat actors, it is essential for businesses to prioritize security in their networks to minimize the risk of falling victim to these devastating attacks in the future.
As the report highlighted, threat actors have become adept at adapting to law enforcement actions and exploiting vulnerabilities, ensuring that ransomware will continue to be a dominant cybersecurity issue in 2024. Organizations must take proactive steps to safeguard their networks and data from these threats.