In a recent report released by the Institute for Security and Technology’s Ransomware Task Force (RTF), it was revealed that the number of ransomware attacks surged by a staggering 73% between 2022 and 2023. The findings, detailed in the “2023 Global Ransomware Incident Map,” shed light on concerning trends in the evolving threat landscape.
Taylor Grossman, the deputy director for digital security at the Institute for Security and Technology, along with Trevaughn Smith, a future of digital security associate at IST, emphasized the growing prevalence of big game hunting among ransomware groups. This tactic involves targeting high-value organizations to unleash widespread downstream effects.
The report underscored that construction and healthcare sectors remained prime targets for ransomware attacks in 2023, with LockBit and Clop ransomware gangs emerging as the most active threat groups. Additionally, data from Chainalysis revealed record-breaking ransom payments in 2023, signifying the lucrative nature of these illicit activities.
According to Grossman and Smith, the data indicated a total of 6,670 ransomware incidents in 2023, representing a sharp year-over-year increase. The rise in ransomware attacks was attributed to a temporary decline in 2022 due to successful law enforcement actions and distractions caused by Russia’s invasion of Ukraine.
Despite the setbacks, the authors warned that the Ransomware as a Service (RaaS) model, which enables less skilled cybercriminals to execute attacks, continues to pose a significant threat. The ease of access to ransomware tools and the complexity of RaaS operations make it challenging for law enforcement to track and attribute attacks to specific actors.
LockBit, identified as the most “stable” ransomware group in 2023, was disrupted earlier this year in a joint law enforcement operation that resulted in arrests and the seizure of crucial infrastructure. However, the report highlighted the resilience of ransomware groups like 8Base, which rely on traditional tactics such as phishing to gain unauthorized access to targeted organizations.
In terms of targeted industries, the construction and healthcare sectors witnessed a surge in ransomware incidents, with financial services and software development sectors also experiencing a significant uptick in attacks. This pattern suggests that while the frequency of attacks is increasing, the choice of targets remains relatively unchanged.
The report delved into the healthcare sector’s vulnerability, noting that hospitals, traditionally prioritizing data confidentiality over availability, are increasingly at risk. The authors emphasized the growing trend of hospitals being forced to pay ransoms to restore operations quickly and ensure continuity of care for patients.
Furthermore, the report highlighted global ransomware incidents across 117 countries, carried out by 66 ransomware groups. However, the data may be skewed due to underreporting, indicating a broader challenge in accurately assessing the full extent of ransomware threats worldwide.
Looking ahead to 2024, the report suggested a continuation of trends from 2023, particularly in the realm of big game hunting tactics and evolving extortion strategies. The authors emphasized the importance of international collaborations and increased reporting mechanisms to combat the growing menace of ransomware.
Overall, the report underscored the persistent and evolving nature of ransomware threats, urging organizations to enhance cybersecurity measures and strengthen response capabilities to mitigate the impact of these malicious attacks. As ransomware continues to evolve, the need for proactive defense strategies and global cooperation becomes increasingly critical in safeguarding against cyber threats.