Ransomware attacks may have plateaued in 2022, according to the recently released 2023 Verizon Data Breach Investigations Report (DBIR), but cybersecurity experts caution against complacency. While the share of breaches involving ransomware remained steady at 24%, the report reveals a more nuanced picture of the evolving threat landscape.

Ransomware attacks in 2023 continue to worry experts

Verizon’s comprehensive analysis of 16,312 incidents and 5,199 confirmed data breaches between November 2021 and October 2022 sheds light on key themes such as ransomware, social engineering attacks, and Log4j exploitation. The report highlights that while the rate of ransomware attacks appears to be leveling out, the growing list of victims, including cities like Dallas and Lowell, Massachusetts, raises concerns about the future of this malicious trend.

An intelligence analyst at Recorded Future, Allan Liska underscored the difficulty in assessing the ransomware landscape due to underreporting by victims and fragmented reporting requirements. However, Verizon’s international data suggests that ransomware remains a significant threat, with a consistent 24% of breaches involving ransomware across 81 countries.

The financial costs associated with these attacks vary widely. Only 7% of US victims who reported to the FBI reported financial losses, ranging from as little as $1 to a staggering $2.25 million. Nonetheless, the report reveals that the median reported loss has doubled from the previous year, reaching $26,000 on average.

Managing Director of cybersecurity consulting at Verizon Business and Manager of the DBIR, Chris Novak described the past year as a period when threat actors adapted their tactics to bypass improved security measures. He explained that threat actors increasingly find ways to infiltrate organizations’ sensitive areas to extract larger ransom payments as defenders improve their security posture.

Ransomware gangs have also shifted their tactics to focus on data theft and extortion, aiming to evade detection. Paradoxically, despite initial assurances made by threat actors during the COVID-19 pandemic, healthcare institutions have become primary targets. Novak suggests a connection between the growing breaches against healthcare organizations and the shrinking pool of vulnerable targets, making them more appealing for ransomware attacks.

The 2023 DBIR also highlights the healthcare industry’s continued vulnerability to ransomware attacks, noting a rise in breaches involving stolen data triggered by ransomware. While the growth rate of ransomware attacks may have slowed, Alex Pinto, lead author of the report, warns against underestimating their impact, stating, “I wouldn’t count them out yet.”

Verizon’s analysis further reveals that organized-crime attackers were responsible for 62% of all ransomware incidents and 59% of incidents driven by financial motives. This aligns with the trend observed in the 2022 DBIR, which saw a 13% increase in ransomware breaches from the previous year. Shockingly, ransomware attacks have more than doubled between 2022 and 2023, accounting for a staggering 62% of all data breaches this year.

As the threat landscape evolves, experts emphasize the importance of maintaining robust cybersecurity measures and proactive response strategies to counter the persistent ransomware menace.