BlackFog has been recording publicly disclosed ransomware attacks since 2020, and in 2023 we also began recording the number of undisclosed attacks, those that are listed on the data leak sites and dark web by the attackers. The 2023 ransomware attack report summarizes the key findings from 2023 compared to previous years.
2023 was a watershed moment for ransomware, one that saw records broken in 11 of the 12 months over the previous years since 2020. In fact, 2023 saw a massive 68% in the number of attacks over 2022 (our previous record), with a total of 630 ransomware attacks.
We note that it only took the first 9 months of the year for 2023 to eclipse the entirety of attacks of 2022. The largest month on record was November with a total of 89 attacks followed by December and September, both with 70.
Most notable during 2023 was the continued increase in the level of data exfiltration, which finished the year at 91%. Virtually all attacks and variants do not focus on encryption at all. Extortion is the key goal of virtually all attacks and is ultimately the key leverage used against victims. Some gangs are even utilizing new regulations from the SEC to report the attack themselves and force the victims to pay.
While we have no comparison for undisclosed attacks from 2022, we witnessed a bit of a roller coaster ride when calculating the ratio of unreported to reported attacks last year. We saw this finally settle at 5 times the number of reported attacks, significantly down from 14 times in the first quarter of the year. We attribute this to a number of regulatory changes that are forcing public companies to disclose attacks. There is also some realization that trying to hide an attack can cause more damage than it’s worth from a reputational and liability perspective.
Geography
The USA, UK, Canada, and Australia were the top 4 targets of 2023 with 55%, 8%, 4% and 3% respectively for a total of 70% of all publicly disclosed attacks. This was 7% higher overall than the top 4 in 2022, but most notably there was a 9% increase in attacks on the USA. The other countries showed no significant changes from 2022.
For the first time ever, more than 1 in every 2 victims were in the USA. This year we also saw data exfiltration to China increase to 29% (2% increase) of all attacks, followed by Russia with 9% (8% decrease). The impact of sanctions and several high-profile takedowns by coordinated governments helped decrease the number and extent of Russian gangs through 2023. The void is being increasingly filled by China which saw large gains last year.
Organizational
In 2023 we saw the healthcare sector dominate the number of attacks with a massive 138% increase over 2022, representing 21% of all attacks. This was followed by education and government with 70% and 57% increases respectively from 2022, rounding out the top 3 sectors. This was followed by the manufacturing and technology sectors with 76% and 46% increases respectively from 2022.
We also saw a large decrease in the size of targeted organizations with an average of 6,918 employees, a 285% decrease from 2022. This highlights a general trend we saw in 2023 with the increased targeting of small to medium size organizations.
Variants
The top ransomware variants of 2023 were LockBit (19.2%), BlackCat (18.4%), Medusa (5.5%) and Play (4.6%). Notably, LockBit and BlackCat now represent 38% of all attack variants and were up 3.5% and 5.4% respectively over 2022. This increase in both is particularly significant when we consider the overall volume of attacks, representing increases of 149% for LockBit and 186% for BlackCat over 2022.
We also witnessed several trends throughout 2023 and we discuss these in more detail in a separate blog, “The 6 Key Ransomware Trends of 2023”.
Related Posts
Is Transparency Important Beyond Compliance After a Cyberattack?
Understand whether transparency following a cyberattack matters beyond compliance - with real-life examples like Uber's cover-up. Learn the benefits and risks of transparency - from trust building to reputation risk.
A quarter of cybersecurity leaders want to quit
A new research study commissioned by BlackFog reveals that 24% of cybersecurity leaders are looking to leave their jobs due to stress and high demands.
Ongoing: New Ransomware Gangs in 2024
Ransomware gangs continue to break records and BlackFog will track all new ransomware gangs in 2024.
TAG Blog Series 4 – An ADX Action Plan for Enterprise
In this 4th blog series, we explore the benefits of Anti Data Exfiltration (ADX) and how BlackFog effectively implements this crucial on-device protection. We provide actionable recommendations for developing an ADX action plan tailored to various organizational needs and business scenarios, ensuring practical and effective deployment of ADX solutions.
BlackFog Wins 2024 CyberSecurity Breakthrough Award
BlackFog Wins Coveted ‘AI-based Cybersecurity Innovation of the Year' in the 2024 CyberSecurity Breakthrough Awards Program
Big Game Hunting is on the Rise in Cybercrime
Big game hunting in cybercrime refers to attacks where cybercriminals target large organizations with the goal of demanding hefty ransoms. This article explores the tactics used in these attacks, provides real-world examples, and explains why this form of cybercrime is becoming increasingly common.