Ransomware continues to cast a formidable shadow over organizations worldwide. From the resurgence of prominent ransomware families to targeted regions and sectors, we uncover the narratives within the statistics, offering insights into the ongoing battle against this pervasive cyber threat.
Ransomware in September 2023: an Overview
In September, the landscape of ransomware activity witnessed an unprecedented surge, following a relatively subdued period in August that still surpassed typical summer month standards.
According to data from NCC Group, a staggering 514 ransomware attacks were launched in September, surpassing the activity recorded in March 2023, which tallied 459 attacks. Interestingly, this March data was heavily influenced by Clop’s MOVEit Transfer data theft attacks.
The absence of significant activity from Cl0p in September suggests the possibility of the sophisticated ransomware gang preparing for a substantial upcoming attack. However, other threat groups stepped into the spotlight, with LockBit 3.0 leading with 79 attacks, followed closely by newcomers like LostTrust (53) and BlackCat (47). LostTrust, making a dynamic entrance to second place, is believed to be a rebrand of MetaEncryptor due to significant code overlaps, and it has already encrypted the networks of numerous organizations, leading to data leaks.
Another newcomer, RansomedVC, secured the fourth spot with 44 attacks, although some of these claims were later found to be exaggerated. This influx of new ransomware operations underscores their aggressive nature and the capacity for substantial scale, with nearly one in five September attacks originating from these emerging threat actors.
Ransomware Statistics 2023: Targeted Countries and Sectors
In terms of targeted regions, North America emerged as the predominant focus, claiming a substantial 50%, followed by Europe at 30%, and Asia securing the third position with 9%. Unveiling the sectors under the most intensive assault, ‘industrials’ (encompassing construction, engineering, and commercial services) took the lead with 169 attacks, closely followed by ‘consumer cyclicals’ (encompassing retail, media, and hotels) with 94 incidents.
Technology sectors, including software and IT services, networking, and telecommunications, faced 52 attacks, while healthcare encountered 38. According to NCC’s comprehensive report covering January 2023 to September 2023, nearly 3,500 attacks have been recorded, hinting at a probable year-end figure approaching 4,000.
Aligning with this, a prior report by Chainalysis forecasted 2023 to be a record-breaking year for ransomware payments. Despite sustained efforts by law enforcement to curb this matured threat, ransomware persists as a shape-shifting menace, continually evolving its initial access methods and adopting increasingly covert tactics and payloads.
Top 3 Ransomware Families in Q3 2023
According to a report by Cybering for Q3 2023, LockBit3.0 has maintained its dominance, asserting its position as the foremost ransomware group with 252 new victims, constituting 17.7% of all ransomware cases. Securing the second spot is Cl0p Ransomware, claiming a substantial 177 victims.
It’s noteworthy that this count was amassed over two of the three months in the quarter, as no victims were announced for September. The ALPHV ransomware group secured the third position with 120 victims in this quarter, showcasing its enduring presence in the ransomware landscape.