Create a free Manufacturing.net account to continue

Ransomware Report Identifies New, Ongoing Threats

“Last year, ransomware continued to increase in terms of impact, sophistication, and the number of participating actors ..."

Feb 1, 2024
Ransomware

GuidePoint Security recently announced the release of their GuidePoint Research and Intelligence Team’s (GRIT) 2023 Annual Ransomware Report. The report's findings include data obtained from threat groups themselves, focusing on the ransomware threat landscape.

GRIT observed victim volume nearly doubling year-over-year, driven in part by multiple mass exploitation campaigns impacting hundreds of organizations. In total, GRIT observed 63 distinct ransomware groups leverage encryption, data exfiltration, data extortion, and other novel tactics to compromise and publicly post 4,519 victims across all 30 of GRIT’s tracked industries, and in 120 countries.

“Comparing 2023 to 2022 ransomware activity, we saw an 80 percent YoY increase of victim posting,” said Drew Schmitt, Practice Lead, GRIT. “While mass exploitation campaigns contributed substantially to this large increase, we saw a significant increase in ransomware activity overall.

"New entrants in the ransomware ecosystem had repeated opportunities either through reduced technical barriers, such as the recycling of leaked ransomware builders and commodity malware, or the recycling of previously leaked data for attempted re-extortion and claims of attacks that never were. For those established groups with resources and technical expertise, exploitation of high-severity and zero-day vulnerabilities provided a reliable means of exploiting victims at scale, a trend we assess as likely to continue into 2024 as a means of overcoming improvements in security.”

Some additional highlights of the report include:

  • 62 percent of all observed victims belong to one of the “top ten” most-impacted industries, with Manufacturing and Technology remaining the two most-impacted industries; Manufacturing represented 12.9 percent of all victims. Among Manufacturing industry victims, the U.S. was impacted five times as much as the next highest country, Germany (265 vs 48 victims).
  • Manufacturing was the most impacted industry for almost every month in 2023.
  • The United States was by far the most impacted country in 2023, accounting for 49 percent of posted victims. Eight out of the ten most impacted countries were within North America and Europe, with Brazil and Australia as the sole outliers. The same “top ten” most impacted countries were home to 76 percent of all observed victim organizations.
  • In line with GRIT’s taxonomy for classifying ransomware groups, long-term Established groups accounted for the overwhelming majority of observed victims (85 percent), followed by Developing groups (10 percent).
  • The top three most prolific Established groups—LockBit, Alphv, and Clop—continue to account for not just the lion’s share of victims but also much of the innovation and tactical changes across the ransomware ecosystem.
  • Ephemeral and Emerging groups, as the newest and shortest-term entrants, lagged behind their maturing counterparts but still posed a significant threat to worldwide organizations, exacerbated by less “reliable” actors and frequently recycled malware.

“Last year, ransomware continued to increase in terms of impact, sophistication, and the number of participating actors, indicating that the ransomware ecosystem has not yet reached a point of market saturation,” said Schmitt. “We expect ransomware impacts to continue an upward trajectory into 2024 and beyond until ransomware groups’ financial interests conflict with one another or until law enforcement and regulatory pressures reduce the perceived attractiveness of the space and the risk calculus of its participants.”

Click here to download the 2023 Annual Ransomware Report.

Latest in Cybersecurity
Cybersecurity
New Siemens Software Automatically Identifies Vulnerable Production Assets
May 8, 2024
Manufacturing
Tech Trends to Watch in Manufacturing
May 7, 2024
General Cyberattack
CISA, FBI Release Secure by Design Alert
May 3, 2024
Financial Cyber
Ransomware Report Shows Fewer Incidents, Future Concerns
May 3, 2024
Related Stories
General Cyberattack
Cybersecurity
CISA, FBI Release Secure by Design Alert
Manufacturing Infrastructure Cyber
Cybersecurity
CISA Releases Latest ICS Advisories
Ep92tn
Cybersecurity
Security Breach: Predictions That Hit
Ransomware
Cybersecurity
Report Identifies Hidden Costs, Challenges of Ransomware
More in Cybersecurity
Cybersecurity
Software
New Siemens Software Automatically Identifies Vulnerable Production Assets
The cybersecurity SaaS will be available for purchase in July 2024.
May 8, 2024
Manufacturing
Industry 4.0
Tech Trends to Watch in Manufacturing
AI is at the forefront.
May 7, 2024
General Cyberattack
Cybersecurity
CISA, FBI Release Secure by Design Alert
The two agencies are urging manufacturers to eliminate directory traversal vulnerabilities.
May 3, 2024
Financial Cyber
Cybersecurity
Ransomware Report Shows Fewer Incidents, Future Concerns
The fear is that larger RaaS groups are exercising greater control over their affiliates.
May 3, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
CISA Releases Latest ICS Advisories
Cisco, Siemens, Honeywell and Mitsubishi systems top the list.
May 3, 2024
Ep92tn
Cybersecurity
Security Breach: Predictions That Hit
A look back at Security Breach guest's most accurate and timely industrial cybersecurity predictions.
May 2, 2024
Andrew Witty, Chief Executive Officer of UnitedHealth Group, testifies at a Senate Finance Committee hearing examining cyber attacks on health care, and the Change Healthcare cyber attack, Wednesday, May 1, 2024, on Capitol Hill in Washington.
Cybersecurity
Change Healthcare Cyberattack Due to Lack of Multifactor Authentication
That's according to UnitedHealth CEO Andrew Witty.
May 1, 2024
I Stock 1311492607
Cybersecurity
ZAG Launches Cybersecurity Series for Food, Agriculture Sectors
Empowering agricultural businesses with the tools necessary to protect their digital infrastructure.
April 29, 2024
Ransomware
Cybersecurity
Report Identifies Hidden Costs, Challenges of Ransomware
Too many are paying, and the reasons range from understandable to infuriating.
April 25, 2024
Ep90
Cybersecurity
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
The new factors impacting a growing attack surface, and how to evolve your cyber risk strategies.
April 25, 2024
Fleet Of Fed Ex Delivery Trucks In A Parking Lot 483290419 4500x3000 (1)
Cybersecurity
Transportation and Logistics Under Siege
A look at how this vital and increasingly targeted market sector is responding to more cyberattacks.
April 24, 2024
Industrial Cyber
Cybersecurity
5G, AI and More Are Changing OT - Why Zero Trust Could Be the Solution
Maximizing technology investments while maintaining security.
April 24, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
Avoiding Shutdowns from Ransomware Attacks
A strategic approach for protecting OT networks.
April 24, 2024
IEC 62443 is a key standard to reduce risk of cyberattacks in industrial workplaces.
Cybersecurity
How to Build a More Secure Connected World with IEC 62443
The goal is better efficiency, improved sustainability and interoperability, enhanced reliability and greater cost-effectiveness for system integrators, product suppliers and other stakeholders.
April 24, 2024
Ap24114558425503
Cybersecurity
UnitedHealth Says Wide Swath of Patient Files May Have Been Taken in Cyberattack
Screen shots containing protected health information or personally identifiable information were posted.
April 24, 2024