Ransomware has been a threat to businesses since the 1980s. In the last few years, however, ransomware attacks have become part of the daily threat landscape: in 2021, the number of ransomware attacks worldwide peaked at 105% of the previous year's total. And in 2023, the situation is even worse.

Leading cybersecurity firms such as the U.S. Cybersecurity Infrastructure Security Administration and the National Cyber Security Center in the UK have already sent warnings about the threat.

For more information on mitigations and what to do, read our guide on what to do if you are infected with ransomware.

This year, 2023, ransomware attacks are up 95.41% compared to 2022 and show no signs of slowing down. Ransomware victims have already exceeded 3,311 this year, and is expected to be the first year to post 4,000 ransomware attacks on leaked sites.

Cyber insurance specialist Corvus reported a surge in the third quarter, with 1,278 victims identified by ransomware leak sites, up 11.22% from the second quarter.

Law firms (up 70%), oil and gas (up 142%), and municipalities (up 95%) are the most targeted industries. Manufacturing is another popular target (+60%). Hotels, telecommunications, retail, transportation, real estate, warehousing, and logistics all recorded double-digit growth in 2023.

According to data from crypto-tracking firm Chinalysis, victims have already paid $449.1 million to ransomware groups in the first six months of 2023. This figure has not reached $500 million for the full year of 2022.

According to the company's data, if this surge in payments continues, the total could reach $898.6 million by the end of this year, making 2023 the second largest year for ransomware revenue after the $939.9 million in 2021.

According to recent studies, well-known ransomware gangs such as LockBit have introduced variants designed to infect Apple macOS devices. Meanwhile, ransomware provider Cyclops has designed ransomware that infects major OS systems including Linux, Windows, and MacOS. There is also Cactus, which is designed to exploit vulnerabilities in the VPNs used to gain access to the system's network.

In the second quarter of 2023, two new ransomware programs emerged, MoneyMessage and 8Base.

8Base was launched in March 2022, but its activity increased markedly in June 2023. It uses customized Phobos ransomware to encrypt files and steal data, which is available on the black market as RaaS; MoneyMessage is similar in that it uses a dual extortion model and was discovered in March 2023.

The latest ransomware statistics reveal that phishing is the most common method used to deliver ransomware. In a recent survey of nearly 1,400 organizations, 75% experienced ransomware attacks, indicating that ransomware continues to be prevalent.

It is worth noting that in most cases, phishing is not about stealing data, but about obtaining login credentials. Hackers use these credentials to gain access to internal networks from which they deliver ransomware.

Phishing is also used to deliver REVIL ransomware; the REvil group was involved in about 37% of ransomware attacks in 2021. It was launched in 2019 and operated for 31 months as a ransomware-for-service provider, providing software to criminals on a subscription basis. It was one of the longest-running ransomware groups, eventually shutting down in 2021.

A recent study by Palo Alto Networks Unit 42 found that on average, 70% of ransomware attacks involved data theft in 2022, while in mid-2021, data theft only occurred on average about 40% of the time. Furthermore, a study conducted by Cisco Talos shows a 25% increase in data theft extortion in the second quarter of 2023.

All of these studies are indications that data theft and multiple forms of extortion are on the rise. In such attacks, fraudsters blackmail organizations to pay a ransom or else their data will be exfiltrated.

Hawaii Community College recently paid money to a ransomware group to prevent the exfiltration of sensitive data. After paying the ransom, the entries were removed, but there is no guarantee that this group will not target or exfiltrate data again in the future.

Ransomware attacks are becoming increasingly prevalent and affecting almost every business. This is due to the expansion of existing affiliate schemes, the growth of new scammers, and the pursuit by scammers of increased revenues.

RaaS schemes have facilitated access to ransomware operations, exposing small and medium-sized businesses to the same risks as large corporations. In conclusion, it is super important to implement proactive measures and take immediate action to mitigate the risk of ransomware and related data theft.