Annual GRIT Ransomware Report – 2022
With 2022 behind us, instead of the usual Monthly or Quarterly GRIT Ransomware Report we’ve put together the first Annual GRIT Ransomware Report to recap the trends and significant events of the year. Much like the quarterly report included the last month of the quarter, this annual report will not only cover the year but also has a breakout for Q4 specifically. What follows is a brief summary of the report’s contents; for full details and analysis, you can find the complete 2022 Annual GRIT Ransomware Report here.
The 2022 Annual Report begins with an introduction and breakdown of GRIT’s new Ransomware Taxonomy, an effort we undertook over the course of the year to better understand Ransomware Group lifecycles and activity. By breaking the groups we observed into 4 separate categories, we were able to better track and analyze their activity and draw conclusions about their trajectory. While every group is unique in the path they take through the taxonomy, understanding their maturity and tactics through the lens of the taxonomy will hopefully give defenders an edge in combatting the rising tide of rebrands, splinter groups, and short-lived ephemeral gangs.
To build this report, over the course of the year GRIT tracked 54 different groups with a combined total of 2,507 publicly posted victims–almost 7 victims per day on average–across 40 industry verticals.
At the beginning of 2022 there was a high posting rate that became more volatile as the year progressed, and that initial surge and subsequent decline seem to closely mirror the volatility in the price of Bitcoin. However, despite the volatility in the cryptocurrency market, no quarter saw less than 569 total victims. The overall rate of victim postings was also surely impacted by significant events like Conti’s rebrand and the release of Lockbit3, but the final analysis shows that 2022 was a banner year for ransomware groups.
In almost every Ransomware Report GRIT released this year, the Manufacturing and Technology industries consistently ranked as the most targeted industries. In fact, the top ten targeted industries saw very little change throughout the year, although there was fluctuation month to month in the specific rankings of each industry. Similarly, the United States and other western countries made up 77% of all publicly posted victims, with the United States alone accounting for 38.9% of total victims.
To read the full report, including a breakdown of the GRIT Ransomware Group Taxonomy, 2022 trends, threat actor activity analysis, and predictions for ransomware in 2023, download the full report here.