January – March 2023
Q1 of 2023 closed with an increase in publicly posted ransomware victims, continuing to impact worldwide and organizations agnostic of industry. LockBit remains the most prolific ransomware threat group, and the rapid and widespread exploitation of a file-sharing application vulnerability brought cl0p into a leading position. Vice Society remains the most impactful group targeting the education sector, supporting the assertion that some groups maintain a consistent targeting profile.
GRIT continues to monitor evolving tactics, techniques, and procedures demonstrated by ransomware threat actors seeking to adapt to an increasingly crowded Ransomware-as-a-Service (RaaS) ecosystem. Increases in “Data Only” extortion efforts and increasingly coercive selective public leaks are examples of new methods employed by these threat actors to maintain profitability and market share.
Manufacturing, Technology, Education, Banking and Finance, and Healthcare organizations continue to represent the majority of publicly posted ransomware victims, probably reflecting the frequency with which threat actors target highly sensitive data and inadequately defended organizations.
The United States continues to bear the brunt of global ransomware attacks, followed by the United Kingdom, Germany, Canada, France, and others. Though not approaching the volume seen in the western world, we continue to see notable numbers of attacks impacting other countries around the world – from Bangladesh to Barbados.