Cybersecurity

Ransomware actors hit zero-day exploits hard in 2023

Dive Brief:

  • Ransomware attacks inflicted more financial damage and hit more companies last year than ever before, according to Unit 42 and Chainalysis research.
  • Victim organizations paid a collective $1.1 billion in ransom demands in 2023, the largest amount ever recorded, Chainalysis said in a Wednesday report on financially motivated criminal activity in cryptocurrency exchanges.
  • Threat actors named and publicly threatened almost 4,000 victim organizations on their dark web leak sites last year, a 49% increase over 2022, Palo Alto Networks’ Unit 42 said Monday in a ransomware retrospective report.

Dive Insight:

Ransomware operators were especially successful targeting critical zero-day vulnerabilities in widely used IT products.

Last year’s surge in ransomware attacks was driven in part by zero-day exploit sprees targeting the MOVEit and GoAnywhere file-transfer services, Citrix networking devices and print management software PaperCut, according to Unit 42.

Unit 42 observed increases in ransomware leak site posts when these four vulnerabilities were most heavily exploited.

While leak site posts are indicative of elevated ransomware activity, Unit 42 noted that they don't capture the full extent of attacks. Some ransomware groups start operations without these name-and-shame sites, and victim organizations that quickly pay ransom demands typically never show up on a group's leak site.

“Leak sites do not always provide a clear or accurate picture of a ransomware group’s activities. The true scope of ransomware’s impact might be different from what these sites suggest,” Unit 42 said in the report.

Chainalysis shared similar caveats about its tracking of ransom payments. “The ransomware landscape is not only prolific but continually expanding, making it challenging to monitor every incident or trace all ransom payments made in cryptocurrencies,” Chainalysis said in its report.

The blockchain analysis firm said its $1.1 billion figure for 2023 is a conservative estimate, and one that is likely to increase as new ransomware activity is discovered.

During a media briefing in November, a senior Biden administration official said ransomware victims in the U.S. paid $1.5 billion in ransoms between May 2022 and June 2023.

But federal cyber officials consistently say more information is needed on attacks as they occur. A lack of reporting by ransomware victims hinders law enforcement’s ability to take action and ensures more activity occurs in the shadows.