Ransomware Incidents Hit Record High, But Law Enforcement Takedowns Slow Growth

Written by

Ransomware incidents surged by 68% in 2023 to reach a record high, according to new data from Corvus Insurance. However, law enforcement takedowns are having an impact on the prolific nature of ransomware gangs.

In total, 4496 ransomware leak site victims were observed in 2023. This compares to 2670 in 2022 and 3048 in 2021.

The report also found that the number of active ransomware groups grew by 34% between Q1 and Q4 2023.

Corvus believes this trend is linked to the fracturing of well-known ransomware groups that leaked their proprietary encryptors on the dark web, making them available to new actors.

A prominent example of this is the leak of Babuk ransomware source code on an underground forum in September 2021, enabling multiple threat actors to develop variations of the strain.

The Corvus figures tie in with other recent research showing that ransomware activity rebounded in 2023 following a relative drop off in 2022.

Law Enforcement Disrupting Ransomware Ecosystem

Encouragingly, ransomware attacks fell by 7% in Q4 2023 compared to Q3. The researchers attributed this fall to recent law enforcement operations against prominent ransomware operators last year.

This includes the takedown of the ALPHV/BlackCat ransomware group’s leak site and dismantling the infrastructure of the QakBot gang.

Jason Rebholz, CISO, Corvus Insurance, commented: “While ransomware activity spiked to an all-time high in 2023, the real story here is the incredible impact law enforcement had on these groups as we closed out the year.”

However, he acknowledged that cybercriminals will shift their activities to other groups and strains in time. For example, the use DarkGate and PikaBot malware for initial access was found to have surged following the QakBot takedown.

“Unfortunately, there’s no time to celebrate. Threat actors are resilient and have quickly pivoted to new malware, which means everyone must remain vigilant in their commitment to mitigating these threats,” added Rebholz.

Corvus expect this trend to continue in 2024, with ransomware actors regularly shifting and rebranding in the face of growing operations by law enforcement.

What’s hot on Infosecurity Magazine?