2023 was a big year for ransomware groups, even as law enforcement around the world continued to crack down on attackers.
Unit 42, the threat intelligence arm of Palo Alto Networks, found a 49 percent increase in victims reported by ransomware leak sites, with a total of nearly 4,000 posts on those sites from different ransomware groups. Unit 42 said the increase was due to the massive impact of attacks that exploited zero-day vulnerabilities, which are security flaws that developers have yet to identify. It pointed to the hack of the MOVEit Transfer software, which the US government connected to the CL0P ransomware gang, as an example. The Cybersecurity and Infrastructure Security Agency estimated that the attack compromised more than 3,000 organizations based in the US and 8,000 worldwide.
Nearly half of the ransomware victims identified by Unit 42 were in the US, and the hardest hit industries were manufacturing, professional and legal services, and high technology.
Unit 42 identified 25 new leak sites last year that offered ransomware as a service. But it said at least five appear to have closed, as they had no new posts in the second half of the year. The roughly two dozen new sites accounted for 25 percent of total ransomware posts in 2023, Unit 42 said.
Still, the prominence of some ransomware groups also attracted the attention of authorities, who were successful in several cases, Unit 42 said. The group praised law enforcement's role in disrupting groups like Hive and Ragnar Locker in 2023. Hive extorted $100 million in ransom payments, according to the US Department of Justice, and caused major disruption, including at a hospital that had to go analog following its attack and could not accept new patients. Ragnar Locker attacked critical infrastructure, including a Portuguese national airline and an Israeli hospital, according to European authorities.
The report follows findings from Chainalysis, a blockchain data company that recently published its own report on crypto crime trends. While the company found a drop in the total value of overall illegal crypto activity in 2023 based on preliminary findings, ransomware revenue increased. Chainalysis suggested that “ransomware attackers have adapted to organizations’ cybersecurity improvements.”