NCC Group’s Annual Threat Report reveals that global ransomware attack cases rose by 84% in 2023 with a total of 4,667 cases. This is a staggering increase from the 2,531 attacks recorded the previous year in 2022.
The stark rise in attacks was primarily driven by a wave of new players entering the ransomware threat landscape, with three additional threat actors arriving in December alone (Hunters, DragonForce and WereWolves).
Industrials remain a top target
Like the previous year, Industrials remained the sector most targeted in 2023. With 1,484 attacks, the sector accounted for 32% of global ransomware attacks in the year. In comparison to 2022, attacks on Industrials increased by 85% (1484 attacks) year-on-year.
Industrials remained the most targeted sector given the large amount of sensitive information and data Professional & Commercial Services and Consultancies store. This makes them extremely lucrative for threat actors.
Consumer Cyclicals came second with 695 attacks (15% of total attacks), followed by Technology with 503 (11%). While the most targeted sectors remained similar in both years, there was a consistent trend of each individual sector seeing a year-on-year rise in ransomware attacks.
LockBit retains top spot
LockBit remained the most prominent ransomware group of 2023. The group’s ransomware attacks jumped by over 20% to 1,039 attacks for LockBit 3.0 in 2023. While still retaining the top spot with most attacks in 2022, there was a stark increase from 846 total attacks for LockBit 2.0 and 3.0 (465 and 381 attacks respectively).
Cl0p took third place with an extraordinary increase of 609% compared to 2022, as attack numbers rose from 57 to 404 in 2023. Despite being inactive for 33% of the year, it managed to come in third relying on campaigns in the months of March, June, and July – in which it exploited the infamous GoAnywhere and MOVEit vulnerabilities.
North America continues to be the most targeted
Following the usual pattern from NCC Group’s monthly threat pulses, North America, Europe, and Asia were the targets of over 80% of ransomware attacks. North America remains the most targeted region, accounting for 50% of attacks (2,330), with Europe accounting for 28% (1,300) and Asia for 10% (475) of attacks.
NCC Group deduced that this was primarily due to threat actors perceiving these regions as wealthier, therefore increasing the level of attacks.
Spotlight –Operation Duck Hunt – hackers vs the law
In 2023, law enforcement operations across the globe showed their ability to have a significant and abrupt impact on the threat landscape. This placed increasing pressure on threat actors to broaden their toolsets to minimise business interruption. One example of this was Operation Duck Hunt, an FBI-led operation, which dismantled Qakbot, a leading malware family loader.
While the increasing level of law enforcement and government intervention has led to the takedown of Qakbot, several strong players, including DarkGate and Pikabot, remain. With these new players joining the scene at pace, the armoury of tools and instruments available to threat actors is ever growing.
Matt Hull, global head of Threat Intelligence at NCC Group said: “The last year saw the highest volume of ransomware victims we have recorded at NCC Group, with an 84% increase from 2022. This huge volume of attacks, which has also increased due to new and innovative techniques used by ransomware operators, shows that no organisation in any sector or region is safe.
“Key concerns from 2023 that are likely to continue this year include the ongoing threat to national infrastructure by hacktivists and Foreign Intelligence services. With major geopolitical conflicts in the Middle East, Eastern Europe and Asia, these risks are likely to remain as we enter a year that will also be dominated by politics due to the vast number of elections set to take place.
“However, the increase in law enforcement action against ransomware marks a positive step forward in the coming year. And with governments continuously showing greater concern through The Counter Ransomware Initiative, there is a real opportunity in 2024 to fight back against the threats from major threat actors. Ultimately, with 2023 being explosive for ransomware attacks, cyber security has never been a higher priority.”
