Activity surpassed the total seen in the prior year
Ransomware activity for 2023 had surpassed the total number recorded in 2022 by 68%, according to a report by Corvus Insurance (Corvus), a cyber underwriter.
Corvus’ Q4 2023 Ransomware Report found that ransomware attacks occurred at a record-setting pace during 2023. It revealed that for the first three quarters of the year, ransomware attacks had been increasing, only slightly declining by the last quarter.
“While ransomware activity spiked to an all-time high in 2023, the real story here is the incredible impact law enforcement had on these groups as we closed out the year,” said Jason Rebholz, CISO, Corvus Insurance.
International law enforcement activity in Q4 was able to take down ALPHV/BlackCat, which Corvus identified as one of the most prolific ransomware gangs.
Qakbot, a pervasive malware that was used to gain access to networks of victims, was also eliminated. It was the most commonly observed malware family spread through email in the third quarter of 2023. It accounted for 31% of the total ransomware volume seen in Q3.
These actions allowed the last quarter of 2024 to see a 7% drop in ransomware attacks from the third quarter, amounting to 1,278 victims. However, the number was still a notable increase from the previous year.
“Unfortunately, there’s no time to celebrate. Threat actors are resilient and have quickly pivoted to new malware, which means everyone must remain vigilant in their commitment to mitigating these threats,” said Rebholz.
The number of active ransomware groups increased by 34% between the first and last quarter of 2023, due to well-known groups making their proprietary encryptors available on the dark web.
“While many will remember 2023 for its record-setting number of ransomware attacks, what is equally noteworthy is the resiliency of threat actors who, despite growing action from law enforcement, were quick to use new forms of malware to secure initial access,” said Rebholz.
This move by ransomware groups allowed 10 new ransomware groups to use Babuk’s encryptor, which was leaked last 2021. Larger defunct groups also began the formation of splinter groups, increasing the number of ransomware gangs.
“Throughout 2024, we will undoubtedly witness much of the same activity, as criminals continue to attack, shift, re-brand, and strike again. Businesses should remain prepared with enhanced security controls and cyber insurance policies to help minimize risk,” said Rebholz.
In total, 2023 saw 4,496 leak site victims of ransomware attacks, which was a considerable increase from 2,670 in 2022 and 3,048 in 2021.
Corvus Insurance’s Q4 2023 Ransomware Report was made with the data from eCrime.ch and Malware Bazaar, which are ransomware leak sites maintained by ransomware groups where uncooperative victims and stolen data are posted.
What are your thoughts on this story? Share them in the comments below.
Keep up with the latest news and events
Join our mailing list, it’s free!