New Threat Actors Contribute To 45% Rise In Ransomware Attacks Year-on-year

NCC Group announced that in December 2023, global levels of ransomware attacks fell by 12% from November, with a total of 391 cases compared to 442 in the previous month, according to December's Threat Pulse.

The figures for December take the total number of ransomware attacks in 2023 to 4,667, far beyond NCC Group’s initial expectations that cases would hit 4,000. The annual total marks an 84% increase from all recorded ransomware attacks in 2022.

Despite the usual threat groups responsible for ransomware attacks, December saw three new groups enter the top ten most active. Following November figures, LockBit took the top spot for most ransomware attacks, responsible for 82 cases. Cactus followed with 29 cases, and groups Play and BlackCat ranked joint third with 28 cases each.

Data reveals that newcomer Hunters ranked in fifth place with 22 cases (6% of total). The group is believed to be a rebrand of Hive, dismantled by Europol and the FBI earlier in 2023. DragonForce ranked in sixth spot, responsible for 21 cases (5%), and has been active since Summer of 2022. WereWolves also joins the ranking in tenth spot, with speculation that they are a LockBit affiliate.

Unsurprisingly, North America and Europe remained the two most targeted regions in December, with 80% of global attacks between them. North America experienced 51% (199) of all attacks down from 219 in November, with 114 attacks in Europe marking a 29% regional reduction in cases. In third place, Asia witnessed 37 attacks, also representing a decrease of 20%.

However, attacks rose in South America in December by 19% (19), with figures for Oceania staying the same as November with 10 attacks. Most notably, the data also reveals that attacks in Russia rose in December to 12 cases, accounting for 11% of all attacks levied against targets in Europe, compared to the whole of 2023.

Despite Healthcare not placing in the top three most targeted sectors, it is now regarded as frequently at risk of ransomware attacks. Following October and November where healthcare was in the top three most targeted sectors, the total volume of ransomware attacks on healthcare in 2023 has resulted in it being considered at similar risk to other sectors.

In December, industrials, consumer cyclicals and technology were the most targeted sectors. As expected, Industrials took the top spot with 29% of total cases (114), continuing to be targeted for the breadth and diversity of organizations within the sector as well as the quantity of personally identifiable information (PII) and intellectual property (IP).

Consumer cyclicals was in second place with 16% of attacks (64), with the technology sector in third place with 12% (47) of all attacks in December.

In December, malware families (a group of applications with similar attack techniques) were more active than previous months. Two malware families, Hydra mobile malware and the unexpected activity of Qakbot, following the malware family’s infrastructure take-down at the end of August, were notable last month.

The infostealer Meduza Stealer also resurfaced in December with a new version to help cybercriminals make their attacks more sophisticated through methods like accounts takeover (ATO), online-banking theft, and financial fraud. The re-emergence of significant malware families helps attackers to develop their own methods of gathering intelligence and understanding vulnerabilities, to prepare for the delivery of ransomware to their victims.

Matt Hull, global head of Threat Intelligence at NCC Group said: “Although December saw a slight dip in ransomware levels down from the November statistics, the overall increase from December 2022 is a reminder of the growing cyber threat landscape and the importance of adopting the appropriate preventative measures to mitigate the risk of complex attacks.

“Closing 2023 with over 4,000 global ransomware attacks is reflective of the sharp rise of cyber-criminal activity compared with 2022. Over the year, we’ve seen the development of sophisticated attack methods, allowing both new and old threat groups to exploit vulnerabilities of victims across a range of sectors and in particular, present threats to healthcare where we’ve seen notable successful attacks over the last 12 months with vast volumes of data being compromised.”

Source: NCC Group media announcement