Ransomware has been a threat to businesses since the 1980s. However, over the last few years, ransomware attacks have become a part of everyday threats – in 2021, the number of ransomware attacks worldwide peaked by 105% compared to the previous year. And things are looking even bleaker in 2023.
Major cybersecurity firms like the US Cybersecurity and Infrastructure Security Agency and the UK’s National Cyber Security Centre have already sent warnings about the threat.
For details about mitigation and remedies, read our guide on what to do if you’re infected by ransomware.
The growing ransomware attacks
This year, in 2023, ransomware attacks have risen by 95.41% compared to 2022, showing no signs of slowing down. Ransomware victims have already crossed 3,311 in the current year, and it is expected to be the first year to post 4,000 ransomware attacks on leak sites.
According to reports from cyber insurance specialists Corvus, the third quarter witnessed a surge, with ransomware leak sites identifying 1,278 victims – an 11.22% increase from the second quarter.
Law firms (up 70%), oil and gas (up 142%), and municipalities (up 95%) are among the most targeted industries. Manufacturing enterprises are another popular target (up 60%). Hotels, telecommunications, retail, transportation, real estate, storage, and logistics all saw double-digit growth in 2023.
According to data from Chinalysis, a crypto tracing company, victims have already paid $449.1 million to ransomware groups in the first six months of 2023. That figure did not even reach $500 million for the entire year of 2022.
Going by their data, if this spike in payments continues, the total amount might reach up to $898.6 million by the end of this year. After 2021's ransomware revenue of $939.9 million, 2023 will be the second-biggest.
Ransomware keeps evolving
Recent studies indicate that well-known ransomware gangs like LockBit introduced a variant designed to infect Apple macOS devices. Meanwhile, ransomware provider Cyclops has designed ransomware to infect major OS systems, including Linux, Windows, and MacOS. There’s also Cactus, made to gain access to the system’s network by exploiting vulnerabilities in a VPN being used.
Two new ransomware programs, the MoneyMessage and 8Base, emerged in the second quarter of 2023.
8Base was launched in March 2022, but its activity notably increased in June 2023. It conducts file encryption and data theft using its customized Phobos ransomware, which is available in the black market as a RaaS. MoneyMessage is similar in that it uses a double extortion model and was discovered in March 2023.
Phishing and REvil
Latest ransomware statistics revealed that phishing is the most common method used to deliver ransomware. In a recent survey of around 1,400 organizations, 75% experienced a ransomware attack, indicating its continued prevalence.
It's worth noting that phishing, in most cases, doesn’t aim to steal data but rather to obtain login credentials. Hackers use these credentials to access the internal network, through which they’ll deliver the ransomware.
Phishing is also used to deliver REvil ransomware. The REvil group was responsible for around 37% of ransomware attacks in 2021. It was launched in 2019 and worked for 31 months as a ransomware-for-service provider, offering the software to criminals on a subscription basis. This was one of the longest-operated ransomware groups, and it was eventually shut down in 2021.
Recent research by Palo Alto Networks Unit 42 found that, on average, 70% of ransomware attacks involved data theft in 2022, whereas in mid-2021, data theft occurred in only about 40% on average. Additionally, according to research conducted by Cisco Talos, there has been an increase in data theft extortion by 25% in the second quarter of 2023.
All these researches are signs that data theft and multiple extortions are on the rise. In these attacks, scammers blackmail the organization into leaking their data if the ransom is not paid.
Hawaii Community College recently paid money to a ransomware group to prevent confidential data leakage. Although the entries were removed after they paid the ransom, who's to say that the group won't target them again or leak the data in the future?
Ransomware attacks are becoming more prevalent and are affecting almost every business. This is backed by the expansion of existing affiliate schemes, an increase in new scammers, and the pursuit of increased revenues by scammers.
The accessibility of ransomware operations has become easier due to RaaS schemes, putting small businesses at equal risk as large businesses. The concluding word on the matter is that it’s super important to implement proactive measures and take immediate action to mitigate the risks of ransomware and associated data theft.
Get the BEST of Tom’s Guide daily right in your inbox: Sign up now!
Upgrade your life with the Tom’s Guide newsletter. Subscribe now for a daily dose of the biggest tech news, lifestyle hacks and hottest deals. Elevate your everyday with our curated analysis and be the first to know about cutting-edge gadgets.
Krishi is a VPN writer covering buying guides, how-to's, and other cybersecurity content here at Tom's Guide. His expertise lies in reviewing products and software, from VPNs, online browsers, and antivirus solutions to smartphones and laptops. As a tech fanatic, Krishi also loves writing about the latest happenings in the world of cybersecurity, AI, and software.