Ransomware Trends
2023: New Year, New Criminals
After the notable decreases in ransomware we discussed in the first section, it’s unfortunately time to shift gears to more recent trends. “Unfortunate” because the unmistakable trend so far in 2023 is that extortion is on the rise in the US and around the world. Data drawn from our threat intelligence sources revealed that the overall number of victims listed on dark web leak sites increased 60% between January and February. It increased another 69% from February to March 2023.
Overall, March 2023 appears to be the month with the largest number of victims being posted to leak sites over the past two years.
What’s causing the sudden spike?
While there is certainly a broad-based lift in attack activity among a number of criminal groups, one in particular stands out. The CL0P gang appears to have compromised more than 130 organizations by exploiting vulnerable GoAnywhere file transfer software and began publishing victims en masse on its leak site. CL0P’s victims comprise roughly 22% of March’s total claimed ransomware victims.
CL0P listed nearly as many victims in a single month as it did in all of 2021 and 2022 combined, indicating that the flurry of activity in March is not necessarily representative of its typical behavior.
Even without CL0P’s contribution, the number of claimed extortion victims in March stands at 349. This is still a 31% increase over February 2023, a 23% increase YoY, and would remain one of the highest months on record. With or without CL0P’s campaign, victim metrics this year are far above the typical threshold for February and March. This has also had a strong impact on healthcare claims, as many of these vendor breaches impacted healthcare data.
Legal Disclaimer: This report is intended for general guidance and information purposes only. This report is under no circumstances intended to be used or considered as specific insurance or information security advice. Please consult your broker with respect to the information presented herein.