GRIT Report Shows 25% Surge in Ransomware Victims
GuidePoint Security has released the GuidePoint Research and Intelligence Team’s (GRIT) Q1 2023 Ransomware Report. Within it, GRIT tracked 849 publicly posted ransomware victims claimed by 29 different threat groups in Q1 2023, which is a 25% increase compared to Q4 2022.
Manufacturing, Technology, Education, Banking and Finance, and Healthcare organizations continue to represent the majority of publicly posted ransomware victims. GRIT Lead Analyst Drew Schmitt states, “Based on what we’ve observed during Q1, we assess that more advanced ransomware threat actors will increasingly deploy novel coercive techniques, particularly as the fallout of existing instances generates media coverage and civil lawsuits against affected organizations.”
According to the report, LockBit remains the most prolific ransomware threat group. The rapid and widespread exploitation of a vulnerability in Fortra’s GoAnywhere file-sharing software brought Clop into a leading position. Following LockBit, Vice Society remains the most impactful group targeting the education sector.
The report has shown an increase in the use of novel coercive tactics by numerous prolific ransomware groups following the "double extortion" operations model. This is where critical and sensitive files are not only encrypted by the threat actor, but exfiltrated too. The group can then threaten to leak the data if ransom demands are not fulfilled.
GRIT's analysis has also shown additional observed coercive measures, including Distributed Denial of Service (DDoS) attacks and selective public leaks designed to generate media attention and cause reputational damage to organizations.
The top 5 most active Ransomware Threat Actors are LockBit, Clop, AlphV, Royal, and BianLian, with Manufacturing and Technology continuing to be the most impacted sector. However, the report notably showed a 65% increase in observed victims in the legal industry from Q4 2022 to Q1 2023.
Earlier this month, it was also disclosed that Europe's transportation sector had recently been significantly affected by ransomware and data breaches. According to ENISA's first-ever threat landscape report, ransomware incident reports almost doubled in volume from 13% in 2021 to 25% in 2022. European airports, railways, and road authorities were among the victims of these attacks.
Please, comment on how to improve this article. Your feedback matters!