Ransomware Attack Levels Surged in 2023


January 16, 2024

World map

According to initial research, the volume of ransomware attacks surged in 2023 by 55.5%  year-over-year from 2022 levels, with 4,368 cases documented cases.

“The rollercoaster ride from explosive growth in 2021 to a momentary dip in 2022 was just a teaser—2023 roared back with the same fervor as 2021, propelling existing groups and ushering in a wave of formidable newcomers,” the Hacker News reported.

“LockBit 3.0 maintained its number one spot with 1047 victims achieved through the Boeing attack, the Royal Mail Attack, and more. Alphv and Cl0p achieved far less success, with 445 and 384 victims attributed to them, respectively, in 2023.”

The report also calls out several emerging ransomware gangs who were very active in 2023, including 8Base, Rhysida, 3AM, Malaslocker, BianLian, Play, and Akira.

Takeaway: There is no threat as pervasive as what we are seeing with the explosion in the number of ransomware operators, variants, affiliate threat actors, and total dollar losses to victim organizations.

The actual numbers are certain to be much higher than what is being reported, as another recent study which found that over half (61%) of executives surveyed said their organization opted not to report a major ransomware attack to law enforcement.

Combine that nugget with an FBI assessment from 2022 where the agency assessed that only about 20% of attacks were being reported to law enforcement. This assessment was based on the FBI observing monitoring the activity of the infamous Hive ransomware gang for seven months after infiltrating their operations.

Based on these assessments, there were likely tens of thousands of successful ransomware attacks in 2023, but they are simply not being reported publicly.

At some point, these ransomware attacks are going to cross the line from cybercriminal activity to a national security event, especially when we are talking about attacks on critical infrastructure Defense Industrial Base targets.

We know rogue nations tacitly or directly support and/or control these ransomware operators to an extent, and these attacks are starting to look more and more like state-sponsored terrorism, and perhaps we should be addressing them as such.

While authorities have been making some efforts to help organizations address the ransomware threat, all efforts to stem the tide of ransomware attacks are hampered by our not truly understanding the magnitude of this growing threat.

Security teams need hard data to quantify the risk accurately and make the required recommendations for investments to security programs. Without accurate assessments of the threat, they are going to have an even harder time getting adequate funding in a timely manner.

Security is a challenging space when it comes to budgets. When a security program is running well, the outcome is that nothing bad happens, so justifying an increase in security spend is hard, and that's why we typically see organizations announce bit investments after they have fallen prey to attackers.

If the federal government wants to have an immediate impact in combatting ransomware attacks, giving organizations accurate data to better measure their potential threat will help decision makers allocate resources.

Ultimately, it's the Russian government that is both providing safe harbor for the majority of these criminal elements who are conducting ransomware attacks with impunity and is very likely influencing some of their targeting.

Until the US government directly sanctions the Putin regime for their direct or tacit support, we will not see this spate of ransomware attacks abate any time soon. It's only a matter of time before we see another massively disruptive attack against a critical infrastructure target.

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.