Leveraging data collected during incident response engagements, this report follows the rise and fall of ransomware variants, notable trends in ransom demands and payments, industries targeted by ransomware attacks, and what may be coming next.
Overview
Top Ransomware Variants
– The 2023 threat landscape was characterized by a combination of mainstay threat actors and newly developed groups.
– LockBit and ALPHV/BlackCat retained spots in the top three throughout 2023, showcasing their continued dominance.
– RaaS groups cause more damage, but also face more challenges.
Trends in Ransom Demands and Payments
– A ransom was paid in 31.3% of engagements in 2023.
– Threat actors became more aggressive in negotiation techniques, demanding notably larger ransoms as fewer victims were willing to pay.
– Internal challenges and disorganization drove operators to implement more stringent policies on negotiation and demand amounts.
Notable Insights
– Ransomware groups continued to innovate on data leak sites and ransomware payloads.
– Threat actors faced increased pressure from law enforcement, including the successful disruption of the Hive ransomware operation and a temporary ransomware takedown of ALPHV/BlackCat.