23 Nov 2023
Author: Erum Shaikh

Ransomware attacks in 2023 display a worrisome trend

Ransomware attacks may have plateaued in 2022, according to the recently released 2023 Verizon Data Breach Investigations Report (DBIR), but cybersecurity experts caution against complacency. While the share of breaches involving ransomware remained steady at 24%, the report reveals a more nuanced picture of the evolving threat landscape.

[Figure: graph showing how much ransomware has grown over the years]

Ransomware attacks in 2023 continue to worry experts

Verizon’s comprehensive analysis of 16,312 incidents and 5,199 confirmed data breaches between November 2021 and October 2022 sheds light on key themes such as ransomware, social engineering attacks, and Log4j exploitation. The report highlights that while the rate of ransomware attacks appears to be leveling out, the growing list of victims, including cities like Dallas and Lowell, Massachusetts, raises concerns about the future of this malicious trend.

Allan Liska, an intelligence analyst at Recorded Future, underscored the difficulty in assessing the ransomware landscape due to underreporting by victims and fragmented reporting requirements. However, Verizon’s international data suggests that ransomware remains a significant threat, with a consistent 24% of breaches involving ransomware across 81 countries.

The financial costs associated with these attacks vary widely. Only 7% of US victims who reported to the FBI reported financial losses, ranging from as little as $1 to a staggering $2.25 million. Nonetheless, the report reveals that the median reported loss has doubled from the previous year, reaching $26,000.

Ransomware incident costs

Chris Novak, Managing Director of cybersecurity consulting at Verizon Business and Manager of the DBIR, described the past year as a period when threat actors adapted their tactics to bypass improved security measures. He explained that as defenders improve their security posture, threat actors increasingly find ways to infiltrate organizations’ sensitive areas to extract larger ransom payments.

Ransomware gangs have also shifted their tactics to focus on data theft and extortion, aiming to evade detection. Paradoxically, despite initial assurances made by threat actors during the COVID-19 pandemic, healthcare institutions have become primary targets. Novak suggests a connection between the growing breaches against healthcare organizations and the shrinking pool of vulnerable targets, making them more appealing for ransomware attacks.

The 2023 DBIR also highlights the healthcare industry’s continued vulnerability to ransomware attacks, noting a rise in breaches involving stolen data triggered by ransomware. While the growth rate of ransomware attacks may have slowed, Alex Pinto, lead author of the report, warns against underestimating their impact, stating, “I wouldn’t count them out yet.”

Verizon’s analysis further reveals that organized-crime attackers were responsible for 62% of all ransomware incidents and 59% of incidents driven by financial motives. This aligns with the trend observed in the 2022 DBIR, which saw a 13% increase in ransomware breaches from the previous year. Shockingly, ransomware attacks have more than doubled between 2022 and 2023, accounting for a staggering 62% of all data breaches this year.

“[W]e had been anticipating that Ransomware would soon be hitting its theoretical ceiling, by which we mean that all the incidents that could have Ransomware, would have. Ransomware is present today in more than 62% of all incidents committed by Organized crime actors and in 59% of all incidents with a Financial motivation, so sadly there is still some room for growth.”

[Figure: list of ransomware action vectors]

As the threat landscape evolves, experts emphasize the importance of maintaining robust cybersecurity measures and proactive response strategies to counter the persistent ransomware menace.

Erum Shaikh / Editor
Erum is a passionate psychotherapist by day and cyber sleuth by night. With over a decade of experience as a journalist, she loves to dig deep into the abyss of cybersecurity to find out what, why and how an incident occurred. Reach out to her on X @shaikherum

Frequently Asked Questions
Experts generally advise against paying the ransom. Paying does not guarantee the safe return of your files, and it funds criminal activities. It's recommended to report the incident to law enforcement and seek assistance from cybersecurity professionals.