Elevated ransomware activity hit nearly 5,200 organizations in 2023
Almost 5,200 organizations were hit by ransomware attacks in 2023, Rapid7 said in a Friday blog post, pulling research from public disclosures and incident data from its managed detection and response team.
“In reality, we believe that number was actually higher because it doesn’t account for the many attacks that likely went unreported,” Christiaan Beek, senior director of threat analytics at Rapid7, said in the report.
Rapid7 didn’t provide numbers for 2022, but research from other firms concludes the number of ransomware attacks is rising. There were twice as many ransomware attacks in the second half of 2023, compared to the latter half of 2022, according to BlackFog.
While ransomware activity remains high, the number of unique ransomware families used for these attacks decreased by more than half from 95 new families in 2022 to 43 in 2023, according to Rapid7. This suggests the current ransomware families and models are meeting threat actors’ goals, according to Beek.
The most active ransomware groups of 2023 should come as little surprise to defenders and industry observers.
AlphV was the most active threat group last year, according to Rapid7.
The group, also known as BlackCat, compromised more than 1,000 entities and received nearly $300 million in ransom payments as of September, according to cyber authorities. The FBI and the Cybersecurity and Infrastructure Agency deemed AlphV the second-most prolific ransomware service in the world.
Law enforcement infiltrated and shut down the infrastructure of AlphV in mid-December, but the group re-emerged hours later and continues to post new alleged victim organizations to its data leak site.
The next four most active ransomware groups in 2023 include BianLian; Clop, the group behind the widely exploited zero-day vulnerability in Progress Software’s MOVEit file-transfer service; LockBit 3.0, the group most recently linked to exploits of the critical CitrixBleed vulnerability; and Play.
Exploits of public-facing applications and legitimate account credentials were the top initial attack vectors observed in ransomware attacks throughout 2023, according to Rapid7.