Ransomware attacks are up significantly in the first months of 2023


There has been a significant resurgence of ransomware attacks in early 2023, new data has shown.

In March of this year, 410 people reported that they had been a victim of ransomware attacks, indicating a significant increase compared to the 208 reported victims of April 2022. Additionally, the numbers from March were 1.6 times higher than those reported in the peak month of 2022, the first annual Ransomware Threat Landscape Report published Monday by Black Kite Research has shown.

Ransomware is defined by the Cybersecurity and Infrastructure Security Agency as a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. One in four organizations fell victim to a cyber attack last year, leading to production, reputation, and financial losses. 

The report by Black Kite Research analyzed 2,708 ransomware victims targeted by ransomware groups between April 1, 2022, and March 31, 2023. It noted key trends, targeted industries, and countries, as well as the prominent ransomware groups behind these attacks. 

“While there were some signs of ransomware decreasing last year due to increased pressure from law enforcement and several ransomware groups shutting down, the last few months serve as a stark reminder that we are far from being in the clear,” said Bob Maley, CSO at Black Kite.

“As more ransomware groups exploit vulnerabilities in third-party vendors, businesses will be blindsided unless they continuously monitor their extended ecosystem for susceptibility indicators and the earliest warning signs of risk.”

Computer hacking (illustrative) (credit: REUTERS)

Who was targeted most by ransomware?

The report found that manufacturing is the top targeted industry for ransomware attacks. Professional, scientific and technical services trailed close behind.

Furthermore, The United States was the top targeted country, with 43% of victim organizations, followed by the UK (5.7%) and Germany (4.4%).

Who is behind these attacks?

The report found that a ransomware group called LockBit was responsible for 29% of attacks during the analyzed period, making them the top ransomware group. 

AlphaVM (BlackCat) was the runner-up, responsible for 8.6% of attacks. The report states that 55% of BlackCat’s victims are US-based companies, but other countries are not immune. 44 countries reportedly have been victims of BlackCat attacks. 

Black Basta came in third place. The group was responsible for 7.2% of attacks in early 2022, according to the report. One of their notable victims was the American Dental Association which had its data stolen and posted on the Black Basta’s website. 

How to stay safe from ransomware

The report provides security measure tips for organizations to protect against ransomware. Suggestions include ensuring all systems and software are up-to-date.

Furthermore, the report recommends backing up critical data often and developing and maintaining a comprehensive incident response plan. 

Cyberattacks target Israel

An Iran-linked hacker group referred to as “Educated Manticore” has begun conducting cyberattacks against Israeli targets using a new version of malware used by other well-known Iranian hackers, alongside other methods rarely seen “in the wild,” according to a new report published by the Israeli cybersecurity company Check Point on Tuesday.

The new attack was first noticed in January when two people with Israeli IP addresses submitted the malicious file to VirusTotal, a database that tracks computer viruses.

The file is an ISO file called “Iraq development resources” containing a large number of files, including PDFs in Arabic, English and Hebrew containing academic content about Iraq. Check Point noted that this indicates that the targets may have been academic researchers.

Tzvi Joffre contributed to this report.