Ransomware Gone Wild: Over 1500 Victims In 1H-2023


August 17, 2023

World map

More than 1500 organizations have succumbed to ransomware attacks in just the first half of 2023, according to the recently published 2023 Mid-Year Threat Review report, with the vast majority carried out by only three ransomware operators: LockBit (35.3%), ALPHV/BlackCat (14.2%), and Cl0p (11.9%).

“High-profile smash-and-grab attacks perpetrated by groups like Cl0p have not only driven a high volume of ransomware victims, they’ve also led to significant downstream impact for users and organizations whose data was compromised as a result of attacks on technology and service providers or business partners,” Vulnerability Research Manager Caitlin Condon told Infosecurity Magazine.

“Ultimately, as long as businesses keep paying ransoms, new actors will arise (or regroup) to attempt to make money.”

Takeaway: The report follows closely another study from blockchain research firm Chainalysis that revealed ransomware operators are approaching near-record profits in the first half of 2023, having extorted nearly a half-billion dollars from victim organizations.

But it is not just the number of attacks and total dollars extorted that put an exclamation point on the first half of 2023; Chainalysis measured increases both in the number of payments under $1,000 as well as the number of payments over $100,000 – essentially, everyone is now a target of ransomware attacks.

“The payment size distribution has also extended to include higher amounts compared to previous years. In other words, we’re seeing growth in ransomware payments at both ends of the spectrum,” the researchers told Recorded Future.

“Groups like Cl0p, ALPHV/BlackCat and Black Basta saw average payments hovering above $750,000 and into the millions. Cl0p led the way with an average payment size of $1.73 million and a median payment size of $1.94 million.”

Accurate data is hard to come by when assessing the wider impact of ransomware attacks, as private organizations and individuals are not required to report attacks.

Last year, the FBI spent about seven months observing the activities of the infamous Hive ransomware gang after having infiltrated their operations. Based on their observations, the agency came to the shocking conclusion that only about 20% of attacks were being reported to law enforcement.

Ransomware is big, big, big business. These costs are passed on to consumers, to other businesses, to state and local governments, and so on. The financial impact of ransomware attacks is one we all bear, and it is going to become a significant drag on our economy.

The only way we can counter its growth as a major industry vertical is to disincentivize the attackers. The only way to disincentivize them is to make ransomware attacks unprofitable, and we are still a long, long way from accomplishing that.

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.