SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Global ransomware attacks surge by 84% in 2023, reveals NCC study
Wed, 14th Feb 2024

The recent Annual Threat Monitor Report, published by NCC Group, has revealed a striking 84% increase in global ransomware attacks in 2023, up from the previous year. The largest increase was observed in the industrial sector, with a major wave of new threat actors, such as Cl0p and LockBit, continuing to undertake a large amount of these attacks.

The report discloses that a total of 4,667 cases of ransomware attacks were recorded in 2023, a significant rise from 2,531 cases reported in 2022. The driving force behind this dramatic increase was a considerable influx of new threat actors in the ransomware landscape, including three additional actors, Hunters, DragonForce, and WereWolves, all emerging in December.

The industrial sector, which holds a large amount of sensitive data, was the primary target in 2023. With 1,484 attacks, the sector made up 32% of total global ransomware attacks. Following industrials, the Consumer Cyclical sector faced 695 attacks (15% of total attacks), and the technology field experienced 503 attacks (11%). The report stresses that each individual sector witnessed a year-on-year surge in attacks.

LockBit, despite a sharp increase in attacks by Cl0p, remained the most prominent ransomware group of 2023. LockBit's ransomware assaults rose by over 20% to 1,039 attacks in 2023. Third-placed Cl0p saw an extraordinary increase of 609%, with raining attacks rising from 57 to 404.

Geographically, North America continues to be the most targeted region, accounting for 50% of attacks, followed by Europe (28%) and Asia (10%). The NCC report suggests this distribution is primarily because threat actors perceive these regions as wealthier and, therefore, more rewarding targets.

The report also highlighted the increasing involvement of government and law enforcement agencies, leading to the takedown of Qakbot, a leading malware family loader, through Operation Duck Hunt, an FBI-led operation. However, it noted that despite this, multiple potent players, including DarkGate and Pikabot, remain, with new actors continually joining the scene.

Matt Hull, the Global Head of Threat Intelligence at NCC Group, reported that the past year saw a significant rise in ransomware attacks, with the highest number of victims recorded by NCC Group, showing an 84% increase from the previous year. This surge in attacks indicates that organisations across various sectors and regions are vulnerable to such threats. 

Matt Hull stated, "The last year saw the highest volume of ransomware victims we have recorded at NCC Group, with an 84% increase from 2022. This huge volume of attacks shows that no organisation in any sector or region is safe. However, the increase in law enforcement action against ransomware marks a positive step forward in the coming year."

Hull also emphasised the ongoing threat to national infrastructure by 'hacktivists' and Foreign Intelligence services. He reminded that cyber security has never been a higher priority, considering major geopolitical conflicts in the Middle East, Eastern Europe and Asia.