Ransomware activity surged significantly in 2023 compared to 2022, according to a report by Google-owned Mandiant. This increase occurred despite extensive law enforcement operations against major ransomware groups like ALPHV/BlackCat. Mandiant’s findings, published on June 3, 2024, revealed a 75% rise in posts on ransomware groups’ data leak sites.
In total, victims listed on data leak sites spanned over 110 countries, with a peak of nearly 1400 listed victims in the third quarter of 2023. This data aligns with other reports, such as Chainalysis, which noted over $1 billion paid to ransomware attackers in 2023, setting a new record. The slight decrease in extortion activity in 2022 was seen as an anomaly due to events like the invasion of Ukraine and leaked Conti chats.
Mandiant noted that the resurgence in ransomware activity is driven by various factors. Despite the prominence of established groups like ALPHV/BlackCat and LockBit, the ransomware landscape saw significant diversification with the emergence of 50 new variants, similar to the numbers seen in 2021 and 2022.
The increase in ransomware activity underscores the ongoing threat and the need for robust cybersecurity measures. As ransomware groups continue to evolve and diversify, organizations must remain vigilant and proactive in their defense strategies.
