Researchers reveal that as many as 3,385 organizations were publicly outed by attackers as being the victims of ransomware in the first three quarters of 2023, an 83 percent increase year-on-year.
The manufacturing, technology, retail and wholesale sectors were most targeted, with Lockbit, Clop, and BlackCat/ALPHV the most active attack groups.
"Q3 of 2023 marked the largest volume of public ransomware victims that GRIT has observed since we began tracking the ransomware ecosystem for the last two plus years," Beta News reported the researchers as stating.
"The ransomware ecosystem as a whole is on pace to nearly double its number of publicly posted victims year over year despite a lesser increase in the number of threat actors. This suggests that many of the groups we are tracking are continuing to increase their operational tempo, but also may be the result of many organizations not being willing to pay the ransom demand."
Takeaway: The marked increase in the exploitation of vulnerabilities by ransomware gangs is driving the high number of attacks as threat actors continue to employ increasingly complex techniques that we used to only see in nation-state operations.
Ransomware attacks used to be clumsier and more random, basically a numbers game in which massive email spam campaigns or drive-by watering hole attacks were designed to infect as many individual devices as possible while asking for ransoms of a fraction of a bitcoin - but those days have largely passed.
Research from earlier this year found that more than three-quarters of all ransomware-related vulnerability exploits observed throughout 2022 targeted older bugs disclosed between 2010 and 2019 for which patches were already available. Most of the vulnerabilities were rated low to medium severity, making it more likely that they were lower on an organization's priority list for patching or were simply never addressed.
For many of these vulnerabilities, exploits have been available for quite some time, and in many cases, the exploits have been built into toolkits and largely automated, so we're also seeing an increase in ransomware attacks displaying these more sophisticated attack sequences.
Furthermore, the actual number of attacks may be much higher than estimated because accurate data is hard to come by when assessing the wider impact of ransomware, as private organizations and individuals are not required to report attacks.
In 2022, the FBI spent seven months observing the infamous Hive ransomware gang after infiltrating their operations. Based on their observations, the agency came to the shocking conclusion that only about 20% of attacks were being reported to law enforcement.
This means the ransomware threat is potentially even greater than we acknowledge, and security solutions available on the market - while effective against many threats - do not fully protect against ransomware attacks.
This is because RaaS operators and data extortion attackers continue to innovate at a fast pace and are building novel evasion techniques into their payloads, designed to completely circumvent traditional endpoint protection solutions.
With ransomware and data extortion attacks being so hugely profitable, it’s clear we won’t solve this problem on the attacker side of the equation. While we have seen some scattered arrests of affiliates and other low-level threat actors in the ransomware space here and there, overall law enforcement has had very little impact in regard to disrupting ransomware operations.
Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.