Ahead of International Anti-Ransomware Day on Friday, May 12, software security experts at Kaspersky reveal a concerning trend in which ransomware attacks account for every third cyber incident in 2023.
The report sheds light on the escalating threat of ransomware groups, which have seen a 30 percent increase across countries compared to 2022, and a 71 percent surge in known victims.
According to Kaspersky, the number of ransomware groups has increased by 30 percent based on data gathered between 2022 and 2023. The increase was accompanied by a 71 percent surge in known victims of such attacks.
“Unlike random assaults, these targeted groups set their sights on government agencies, prominent organizations, and specific individuals within enterprises. As cybercriminals continue to orchestrate sophisticated and extensive attacks, the threat to cybersecurity grows ever more pronounced,” Kaspersky experts said.
In 2023, Lockbit 3.0 emerged as the most prevalent ransomware, leveraging a builder leak in 2022 to spawn custom variants targeting organizations worldwide.
BlackCat/ALPHV ranked second, until December 2023, when a collaborative effort by the FBI and other agencies disrupted its operations. But BlackCat quickly rebounded, underscoring the resilience of ransomware groups.
Third on the list was Cl0p, which breached the managed file transfer system MOVEIt, impacting over 2.5 thousand organizations by December 2023, according to New Zealand security firm Emsisoft.
In its 2023 State of Ransomware report, Kaspersky also identified several noteworthy ransomware families, including BlackHunt, Rhysida, Akira, Mallox, and 3AM.
As the ransomware landscape evolves, smaller, more elusive groups are emerging, posing new challenges to law enforcement.
According to the research, the rise of Ransomware-as-a-Service (RaaS) platforms further complicated the cybersecurity landscape, emphasizing the need for proactive measures.
In the Kaspersky research, attacks via contractors and service providers emerged as prominent vectors, facilitating large-scale assaults with alarming efficiency.
Overall, ransomware groups demonstrated a sophisticated understanding of network vulnerabilities, utilizing a variety of tools and techniques to achieve their objectives. They used well-known security tools, and exploited public-facing vulnerabilities and native Windows commands to infiltrate their victims, highlighting the need for robust cybersecurity measures to defend against ransomware attacks and domain takeovers.
“As ransomware-as-a-service proliferates and cybercriminals execute increasingly sophisticated assaults, the threat to cybersecurity becomes more acute. Ransomware strikes persist as a formidable menace, infiltrating critical sectors and preying on small businesses indiscriminately.
“To combat this pervasive threat, it’s imperative for individuals and organizations to fortify their defenses with robust cybersecurity measures. Deploying solutions such as Kaspersky Endpoint Security and embracing Managed Detection and Response (MDR) capabilities are pivotal steps in safeguarding against evolving ransomware threats,” said Dmitry Galov, head of research center at Kaspersky..
