Ahead of International Anti-Ransomware Day (12 May), Kaspersky’s latest research reveals a concerning trend in the global cybersecurity landscape, with ransomware attacks accounting for every third cyber incident in 2023.

The report sheds light on the escalating threat of targeted ransomware groups, which have seen a 30% increase globally compared to 2022, along with a 71% surge in known victims.

Kaspersky’s research, covering 2022 and 2023, revealed a worrisome escalation in targeted ransomware groups. The data indicated a staggering 30% global increase in the number of these groups compared to 2022, accompanied by a 71% surge in known victims of their attacks.

Unlike random assaults, these targeted groups set their sights on government agencies, prominent organisations, and specific individuals within enterprises. As cybercriminals continue to orchestrate sophisticated and extensive attacks, the threat to cybersecurity grows ever more pronounced.

In 2023, Lockbit 3.0 emerged as the most prevalent ransomware, leveraging a builder leak in 2022 to spawn custom variants targeting organisations worldwide. BlackCat/ALPHV ranked second, until December 2023, when a collaborative effort by the FBI and other agencies disrupted its operations.

However, BlackCat quickly rebounded, underscoring the resilience of ransomware groups. Third on the list was Cl0p, which breached the managed file transfer system MOVEIt, impacting over 2.5 thousand organisations by December 2023, according to New Zealand security firm Emsisoft.

In its 2023 State of Ransomware report, Kaspersky also identified several noteworthy ransomware families, including BlackHunt, Rhysida, Akira, Mallox, and 3AM. Moreover, as the ransomware landscape evolves, smaller, more elusive groups are emerging, posing new challenges to law enforcement. According to the research, the rise of Ransomware-as-a-Service (RaaS) platforms further complicated the cybersecurity landscape, emphasising the need for proactive measures.

Kaspersky’s incident response team noted that ransomware incidents accounted for every third cybersecurity incident in 2023. In the research, attacks via contractors and service providers emerged as prominent vectors, facilitating large-scale assaults with alarming efficiency.

Overall, ransomware groups demonstrated a sophisticated understanding of network vulnerabilities, utilising a variety of tools and techniques to achieve their objectives. They used well-known security tools, and exploited public-facing vulnerabilities and native Windows commands to infiltrate their victims, highlighting the need for robust cybersecurity measures to defend against ransomware attacks and domain takeovers.

“As ransomware-as-a-service proliferates and cybercriminals execute increasingly sophisticated assaults, the threat to cybersecurity becomes more acute,” says Dmitry Galov, head of research centre at Kaspersky’s GReAT. “Ransomware strikes persist as a formidable menace, infiltrating critical sectors and preying on small businesses indiscriminately.

“To combat this pervasive threat, it’s imperative for individuals and organisations to fortify their defenses with robust cybersecurity measures. Deploying solutions such as Kaspersky Endpoint Security and embracing Managed Detection and Response (MDR) capabilities are pivotal steps in safeguarding against evolving ransomware threats.”