Ransomware Attacks Rise Again

Ransomware attacks are up 95.41% globally in 2023 year over year, a trend showing no signs of slowing.

The number of ransomware victims to date in 2023 (3,311) has already surpassed totals for the entirety of 2021 (3,048) or 2022 (2,670). This year could be the first with over 4,000 ransomware victims posted on leak sites.

The Q3 Ransomware Report from cyber insurance specialists Corvus shows the third quarter saw a further increase with 1,278 victims observed on ransomware leak sites, an 11.22% increase over the second quarter.

September was the ninth consecutive month of year-over-year increases, and the rest of the year is expected to continue the trend. While ransomware attacks typically decline in the summer months, this year’s decrease was later and shorter than usual. Following seasonal ransomware patterns, attack velocity is expected to climb in Q4.

“It’s clear that ransomware attacks are on a record-setting pace for 2023, and based on activity at the end of Q3 and early Q4, we fully expect these numbers to surpass anything we have witnessed in previous years,” said Jason Rebholz, CISO, Corvus Insurance. “Aside from these overall numbers, this report demonstrates the impact that a single ransomware group like CL0P can have when they invest in new tactics, which is what we saw with the mass zero-day exploit that wreaked havoc over the second and third quarters.”

In Q2, the CL0P ransomware group’s use of a zero-day vulnerability in MOVEit file transfer software accounted for 13% of all ransomware victims in Q3. But even without CL0P activity, Q3 would still be a 5% increase in ransomware over Q2 and a 70% increase year over year, showing that ransomware activity is rising even independent of CL0P’s substantial percentage.

Some of the more frequently targeted industries include law firms (up 70%), municipalities (up 95%) and oil and gas (up 142%). Other top targets include manufacturing firms (up 60%). But few industries remain untouched by ransomware threats. Telecommunications, hospitality, retail, real estate and transportation, logistics and storage have all seen double-digit increases each quarter in 2023.

To combat attacks, 40 countries in a U.S.-led alliance plan to sign a pledge to never pay ransom to cybercriminals and to work toward eliminating the hackers’ funding mechanism. The International Counter Ransomware Initiative aims to eliminate the criminals’ funding through better information sharing about ransom payment accounts. Two information-sharing platforms will be created, one by Lithuania and another jointly by Israel and the UAE. Partner countries will share a “black list” through the U.S. Department of Treasury that will include information on digital wallets being used to move ransomware payments.

“As long as there is money flowing to ransomware criminals, this is a problem that will continue to grow,” said Anne Neuberger, U.S. deputy national security adviser in the Biden administration for cyber and emerging technologies, when announcing the alliance in October.

Topics Cyber