NCC Group Releases Annual Cyber Threat Monitor Report 2023

08 February 2024

Annual ransomware attacks increased by 84% in 2023. 

  • Total annual ransomware cases are up 84% compared to 2022.
  • Industrials (32%), Consumer Cyclicals (15%), and Technology (11%) were the most targeted sectors for the year.
  • North America (50%), Europe (28%), and Asia (10%) remain the most targeted regions.

February 2024 – NCC Group’s Annual Cyber Threat Report reveals that global ransomware attack cases rose by 84% in 2023, totaling 4,667 cases. This is a staggering increase from the 2,531 attacks recorded in 2022.

The stark rise in attacks was primarily driven by a wave of new players entering the ransomware threat landscape, with three additional threat actors arriving in December alone (Hunters, DragonForce, and WereWolves).

 

Industrials remain a top target

Like the previous year, Industrials remained the sector most targeted in 2023. With 1,484 attacks, the sector accounted for 32% of global ransomware attacks. Compared to 2022, attacks on Industrials increased by 85% (1,484 attacks) year-on-year.

Industrials remained the most targeted sector given the large amount of sensitive information and data that Professional & Commercial Services and Consultancies store. This makes them highly lucrative to threat actors.

Consumer Cyclicals came second with 695 attacks (15% of total attacks), followed by Technology with 503 (11%). While the most targeted sectors remained similar in both years, there was a consistent trend of each individual industry seeing a year-on-year rise in ransomware attacks.

 

LockBit retains the top spot

LockBit remained the most prominent ransomware group of 2023. The group’s ransomware attacks jumped by over 20% to 1,039 attacks for LockBit 3.0 in 2023. The group also held the top spot with the most attacks in 2022, and the 2023 figure is a stark increase from that year's 846 total attacks for LockBit 2.0 and 3.0 (465 and 381 attacks, respectively).

Cl0p took third place with an extraordinary increase of 609% compared to 2022, as attack numbers rose from 57 to 404 in 2023. Despite being inactive for 33% of the year, it managed to come in third, relying on campaigns in March, June, and July – in which it exploited the infamous GoAnywhere and MOVEit vulnerabilities.

 

North America continues to be the most targeted region

Following the usual pattern from NCC Group’s monthly threat pulses, North America, Europe, and Asia were the targets of over 80% of ransomware attacks. North America remains the most targeted area, accounting for 50% of attacks (2,330), with Europe accounting for 28% (1,300) and Asia for 10% (475) of attacks.

NCC Group deduced that this was primarily due to threat actors perceiving these regions as wealthier, therefore increasing the rate of attacks.

 

Spotlight – Operation Duck Hunt – hackers vs the law

In 2023, law enforcement operations across the globe showed their ability to have a significant and abrupt impact on the threat landscape, which increased pressure on threat actors to broaden their toolsets to minimize business interruption. One example was Operation Duck Hunt, an FBI-led operation that dismantled Qakbot, a leading malware family loader.

While the increasing level of law enforcement and government intervention has led to the takedown of Qakbot, several strong players, including DarkGate and Pikabot, remain. With these new players joining the scene at pace, the arsenal of tools and instruments available to threat actors is ever growing.

 

Matt Hull, Global Head of Threat Intelligence at NCC Group, said:

“The last year saw the highest volume of ransomware victims we have recorded at NCC Group, with an 84% increase from 2022. This huge volume of attacks, which has also increased due to new and innovative techniques used by ransomware operators, shows that no organization in any sector or region is safe.

“Key concerns from 2023 that are likely to continue this year include the ongoing threat to national infrastructure by hacktivists and Foreign Intelligence services. With major geopolitical conflicts in the Middle East, Eastern Europe, and Asia, these risks are likely to remain as we enter a year that will also be dominated by politics due to the vast number of elections set to take place.

“However, the increase in law enforcement action against ransomware marks a positive step forward in the coming year. And with governments continuously showing greater concern through The Counter Ransomware Initiative, there is a real opportunity in 2024 to fight back against the threats from major threat actors. Ultimately, with 2023 being explosive for ransomware attacks, cyber security has never been a higher priority.”

 

Notes to Editors

About NCC Group:

NCC Group is a people-powered, tech-enabled global cyber security and software escrow business.

Driven by a collective purpose to create a more secure digital future, c. 2,000 colleagues across Europe, North America, and Asia Pacific harness their collective insight, intelligence, and innovation to deliver cyber resilience for over 14,000 clients across the public and private sectors.

With decades of experience and a rich heritage, NCC Group is committed to developing sustainable solutions that continue to meet clients’ current and future cyber security challenges.

https://www.nccgroup.com/uk/