According to Ryan Bell, Threat Intel Manager at Corvus Insurance, the year 2023 is shaping up to be the worst year on record for ransomware attacks. Based on data collected from ransomware leak sites dating back to 2021, the Corvus Insurance team has been able to track a significant increase in ransomware activity starting at the beginning of the year.
The initial ransomware reports from earlier this year noted that the numbers skyrocketed, with February seeing a 60 percent increase over January and March seeing a 70 percent increase over February. The trend continued: ransomware attacks in the second quarter grew by nearly 30 percent over Q1, and the third quarter brought a further increase of 11.2 percent over the previous quarter. The increase in Q3 2022 was even more startling, with ransomware attacks up more than 95 percent over 2022.
With just a month and a half left in the year, the number of ransomware victims in 2023 has already surpassed the totals observed for the entirety of either 2021 or 2022. The figures could be even higher, as a significant percentage of victims quickly pay threat actors’ demands and are never observed on a leak site. If these numbers are added, the total number of ransomware victims in 2023 could be as high as 5,500 – 7,000 businesses.
Two key factors have been identified as impacting this year’s ransomware activity. The first is the CL0P ransomware group, which first appeared in 2020 but saw a significant increase in activity in Q1 of this year. CL0P accounted for 9 percent and 13 percent of Q2 and Q3 activity, respectively. The second driver was a departure from cybercriminals’ usual summer-vacation pattern, with ransomware attacks spiking during the summer months.
The industries that experienced the most significant spike in ransomware attacks were law practices and the government, followed by manufacturing, medical practices, and oil and gas. Law practices were the industry most exploited by the ALPHV ransomware group, which accounted for 23.5 percent of all victims in this sector. Ransomware attacks on the government were up 95 percent, largely due to the LockBit and Stormous ransomware groups.
As 2023 draws to a close, it is expected that there will be a continued rise in ransomware activity, ensuring that the year secures the dubious honor of having the most ransomware victims posted on leak sites. Additional ransomware research and analysis will be rolled out in the upcoming days and weeks to provide further insights into this concerning trend.
Overall, the data collected by Corvus Insurance paints a grim picture of the ransomware landscape in 2023, highlighting the urgent need for improved cybersecurity measures to protect businesses from these increasingly prevalent and damaging attacks.