Ransomware Attacks Likely Broke Records in 2023


January 4, 2024

World map

New research suggests that the number of victims of ransomware attacks jumped significantly in 2023 over 2022 levels, with the healthcare and education sectors being hit the hardest.

Successful attacks against targets in the U.S. increased by 60% for the healthcare sector, 82% for K-12 schools, and 48% for higher education institutions.  

Surprisingly, these numbers do not include the huge number of victims hit with ransomware by way of a vulnerability exploit in the MOVEit managed file transfer software (CVE-2023-34362) the Cl0p ransomware gang leveraged to compromise more than 1000 victims in rapid succession over the summer.

This wave of attacks followed another earlier in the year where Cl0p successfully compromised more than a hundred targets by exploiting a bug in the GoAnywhere file transfer tool.

“The total count doesn't include the massive campaign against users of MOVEit secure file-transfer software in May, in which the Clop ransomware group used a since patched vulnerability to steal data, while encrypting no systems,”  

“Not counting the MOVEit campaign, the numbers still suggest the damage being caused by ransomware is worsening, given the attendant disruption victims face,” Data Breach Today reports.

Takeaway: There is no threat as pervasive as what we are seeing with the explosion in the number of ransomware operators, variants, affiliate threat actors, and total dollar losses to victim organizations.

Other recent reports estimated there have been more than 2,300 successful ransomware attacks in just the first half of 2023, and that overall, ransomware attacks were up 74% in Q2-2023 over Q1 volumes.

The actual numbers are certain to be much higher than what is being reported given yet another recent study which found that over half (61%) of executives surveyed said their organization opted not to report a major ransomware attack to law enforcement.

Combine that with an FBI assessment from 2022 where the agency came to the shocking conclusion that only about 20% of attacks were being reported to law enforcement. This assessment was based on the FBI observing monitoring the activity of the infamous Hive ransomware gang for seven months after infiltrating their operations.

Based on these estimates, there may have been over 10,000 successful ransomware attacks or more in the first half of 2023, but they are simply not being reported.

While authorities have been making efforts to help organizations handle the ransomware threat, all efforts to stem the tide of ransomware attacks are hampered by our not truly understanding the magnitude of this growing threat.

Security teams need hard numbers to quantify the risk accurately and make the required recommendations for investments to security programs. Without accurate assessments of the threat, they are going to have an even harder time getting adequate funding in a timely manner.

Security is a tough space when it comes to budgets. When a security program is running well, the outcome is that nothing happens, so justifying an increase in security spend is hard, and that's why we typically see organizations announce bit investments after they have been victimized.

If the federal government wants to have an immediate impact in combatting ransomware attacks, giving organizations accurate data to better measure their potential threat will help decision makers allocate resources.

Ransomware is one of the biggest threats to any organization today, and we can’t effectively address the threat if we don’t fully understand it fully.

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.