Pierluigi Paganini January 19, 2024

Ransomware groups claimed that they successfully targeted 4191 victims in 2023, Cybernews researchers report.

According to the Ransomlooker tool, the number of ransomware attack victims increased by 128.17% compared to the previous year (2022), with 1837 additional incidents.

Based on Ransomlooker, a free Cybernews tool for monitoring the dark web and other hidden areas of the internet, more ransomware attacks occurred in spring and summer, with 1253 and 1275 victims, compared to winter and autumn, which had 611 and 1052 incidents, respectively. Winter was the least active time (14.6% of attacks in 2023), while summer was the most active for ransomware attacks (30.4%).

Furthermore, based on findings from the Ransomlooker tool, there were an average of 36 successful ransomware attacks per day in 2023, or more than one successful ransomware attack claim against a company per hour.

The most targeted country in the world: the USA

Ransomlooker data shows that the most targeted countries over the past four years are the same top five countries: the United States, United Kingdom, Canada, Germany, and France.

The US consistently takes the first position, significantly surpassing other countries, with a victim count sometimes nearly ten times greater than the second-ranked country. Other economically and technologically advanced countries consistently maintaining a presence in the top ten include Italy, Australia, and Spain.

What is more unexpected is the continued inclusion of India and Brazil on the top 12 list despite their less progressive economies. However, this correlation aligns with their comparatively limited ability to invest in advanced cybersecurity practices and greater susceptibility to successful ransom attacks.

The most active group in 2023: LockBit

According to the data presented by the Cybernews research team, 66 active ransomware groups were identified and operating within the digital landscape in 2023. The top 10 groups, based on the number of victims, collectively account for 59% of the total victims in 2023.

LockBit remained the most active group through 2023. They claimed responsibility for most victims, with 1009 incidents constituting nearly a quarter of all ransomware victims in 2023. This group primarily focused its attacks on the construction, manufacturing/industrial, and retail industries.

Top targeted companies: Stanford University, Volt, CoinBase

According to data from Ransomlooker, the top 10 industries targeted by ransomware groups in 2023 were IT services and IT consulting, construction, manufacturing and industrial, retail, hospitals and health care, insurance, law practice, real estate, software development, and machinery manufacturing.

The data shows a shift in ransomware targets over the past three years. Previously dominated by the construction industry, the IT sector now claims the top spot in 2023.

In the IT service and consulting sector, Stanford University, Volt, and CoinBase were reportedly identified by the Ransomlooker tool as the top companies targeted by ransomware gangs based on their annual revenue in 2023.

You can read the full report here, the data provided in the report have been collected up to December 19th, 2023.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)