2023: New Trends in Industry Targets

Ransomware threat actors spread their attacks widely around various types of organizations, but at times trends appear as a result of herd behavior and learned practice. If a group is able to succeed in victimizing one type of business, they will naturally gravitate towards finding other businesses that fit the profile of the one they succeeded with. And it’s not always the biggest or flashiest victims that get the attention of ransomware gangs. Many in the industry will recall a rash of attacks on school districts and other small municipal government entities from a couple years ago — gangs likely target lower-profile victims in hopes of reducing the risk of law enforcement attention.

In the past month, our threat intel team noticed some dramatic industry-specific shifts.

Telecommunications saw an 800% increase. Half of these organizations are based in the United States, the others are located in the U.K., France, Lebanon, and Cameroon.

Hospitals and Healthcare experienced a 750% increase in attacks. It should be noted that some of this increase was due to CL0P’s GoAnywhere campaign (35% of the total), however, even after removing CL0P’s victims from the analysis, there would still have been a 450% increase from February. Many of the organizations impacted were healthcare tech companies.

Government saw a 220% increase over February. This mostly includes local municipalities such as cities. These targets were attacked by no less than 10 different ransomware groups including BianLian, Lockbit, Play, and Stormous.