Halcyon Ransomware Malicious Quartile Q4-2023
Executive Summary
Ransomware remains one of the most significant threats to organizations of all sizes in all industry verticals. Following a bit of a lull the previous year, the first half of 2023 saw more victims impacted by ransomware attacks than in all of 2022 as threat actors continue to leverage Ransomware-as-a-Service (RaaS) platforms to execute their attacks. The vast majority (75%) of organizations reported being targeted by at least one ransomware attack in 2023, with 26% reporting they were targeted with ransomware four or more times.
Other analysis indicates the volume of attacks surged in 2023 by 55.5% year-over-year with 4,368 documented cases. Successful attacks in the U.S. increased by 60% for the healthcare sector, 82% for K-12 schools, and 48% for higher education. Surprisingly, this does not include the massive number of victims hit with ransomware by way of an exploit for a vulnerability in the MOVEit managed file transfer software (CVE-2023-34362), which the Cl0p ransomware gang leveraged to compromise more than 1,000 victims in rapid succession.
While authorities have been working to help organizations address ransomware attacks, efforts to stem the tide are hampered by an incomplete understanding of the magnitude of this growing threat. Reliable numbers on the extent of the ransom crisis are hard to come by, and the problem may be even bigger than we think: one report revealed that over half (61%) of executives say their organizations do not report ransomware attacks. This lines up with what the FBI reported after spending seven months observing the Hive ransomware gang by infiltrating its operations. The FBI came to the shocking conclusion that only 20% of attacks were being reported to law enforcement.
No threat is as pervasive as the explosion in ransomware operators, variants, affiliate threat actors, and total dollar losses to victim organizations, and an attack with widespread and very serious repercussions is an imminent possibility. For example, a recent ransomware attack on the Industrial and Commercial Bank of China (ICBC) reportedly disrupted the US Treasuries market, and similar attacks could cripple worldwide financial and banking systems, interfere with international trade, and cause other major disruptions.