New threat actors contribute to a 45% rise in ransomware attacks year-on-year.
- Total ransomware cases in December 2023 fell by 12% from November.
- Industrials (29%), Consumer Cyclicals (16%), Technology (12%) most targeted sectors.
- North America and Europe were targets for 80% of all cases.
January 2024 - In December 2023, global ransomware attacks fell by 12% from November, with a total of 391 cases compared to 442 in the previous month, according to NCC Group’s December Threat Pulse.
The figures for December take the total number of ransomware attacks in 2023 to 4,667, far beyond NCC Group’s initial expectations that cases would hit 4,000. The annual total marks an 84% increase from all recorded ransomware attacks in 2022.
New threat actors emerge to close 2023.
Despite the usual threat groups responsible for ransomware attacks, December saw three new groups enter the top ten most active. Following November figures, LockBit took the top spot for most ransomware attacks, responsible for 82 cases. Cactus followed with 29 cases, and groups Play and BlackCat ranked joint third with 28 cases each.
Data reveals that newcomer Hunters ranked in fifth place with 22 cases (6% of total). The group is believed to be a rebrand of Hive, dismantled by Europol and the FBI earlier in 2023. Responsible for 21 cases (5%), DragonForce ranked sixth and has been active since the Summer of 2022. WereWolves also joins the ranking in the tenth spot, with speculation that they are a LockBit affiliate.
Russia becomes target of attacks.
Unsurprisingly, North America and Europe remained the two most targeted regions in December, with 80% of global attacks between them. North America experienced 51% (199) of all attacks, down from 219 in November, with 114 attacks in Europe marking a 29% regional reduction in cases. In third place, Asia witnessed 37 attacks, also representing a decrease of 20%.
However, attacks rose in South America in December by 19% (19), with figures for Oceania staying the same as November with 10 attacks. Most notably, the data also reveals that attacks in Russia rose in December to 12 cases, accounting for 11% of all attacks levied against targets in Europe, compared to the whole of 2023.
Healthcare becomes frequently targeted sector.
Despite healthcare not placing in the top three most targeted sectors, it is now regarded as frequently at risk of ransomware attacks. Following October and November, when healthcare was in the top three most targeted sectors, the total volume of ransomware attacks on healthcare in 2023 has resulted in it being considered at similar risk to other sectors.
In December, industrials, consumer cyclicals, and technology were the most targeted sectors. As expected, industrials took the top spot with 29% of total cases (114), continuing to be targeted for the breadth and diversity of organizations within the sector as well as the quantity of Personally Identifiable Information (PII) and Intellectual Property (IP).
Consumer cyclicals was in second place with 16% of attacks (64), and the technology sector ranked in third place with 12% (47) of all attacks in December.
Spotlight – Increased activity of malware families.
In December, malware families (a group of applications with similar attack techniques) were more active than in previous months. Two malware families were especially notable last month: Hydra mobile malware and Qakbot, which displayed unexpected activity following the malware family’s infrastructure take-down at the end of August.
The infostealer Meduza Stealer also resurfaced with a new version to help cybercriminals make their attacks more sophisticated through methods like account takeover (ATO), online banking theft, and financial fraud. The re-emergence of significant malware families helps attackers develop their own methods of gathering intelligence and understanding vulnerabilities to prepare for ransomware delivery to their victims.
Matt Hull, Global Head of Threat Intelligence at NCC Group, said:
“Although December saw a slight dip in ransomware levels down from the November statistics, the overall increase from December 2022 is a reminder of the growing cyber threat landscape and the importance of adopting the appropriate preventative measures to mitigate the risk of complex attacks.
“Closing 2023 with over 4,000 global ransomware attacks reflects the sharp rise of cybercriminal activity compared with 2022. Over the year, we’ve seen the development of sophisticated attack methods, allowing both new and old threat groups to exploit vulnerabilities of victims across a range of sectors and, in particular, present threats to healthcare, where we’ve seen notable successful attacks over the last 12 months with vast volumes of data being compromised.”
Notes to Editors:
NCC Group is a people-powered, tech-enabled global cyber security and software escrow business.
Driven by a collective purpose to create a more secure digital future, c2,000 colleagues across Europe, North America, and Asia Pacific harness their collective insight, intelligence, and innovation to deliver cyber resilience for over 14,000 clients across the public and private sectors.
With decades of experience and a rich heritage, NCC Group is committed to developing sustainable solutions that continue to meet clients’ current and future cyber security challenges.
Monthly Cyber Threat Intelligence Webinar
Our team of experts keep a constant watch over the cyber and geopolitical landscape, so you don’t have to. Our monthly webinars give you further insight and exclusive access to what's happening now.
Join our Global Head of Threat Intelligence, Matt Hull, each month:
Contact
NCC Group Press Office
All media enquires relating to NCC Group plc.