According to Akamai’s latest report, ransomware collectives are moving away from phishing and placing more importance on exploiting vulnerabilities. They have adopted a more aggressive approach to both extortion and vulnerability exploitation, and they are prepared to invest in opportunities for financial gain, whether that involves compensating other hackers to identify weaknesses in their ransomware software or obtaining access to their intended victims with the help of Initial Access Brokers (IABs).

Serving stats

  • Excessive exploitation of zero-day vulnerabilities in the last six months has resulted in a 143% rise in the number of victims between Q1 2022 and Q1 2023.
  • LockBit has been the dominant player in the ransomware landscape between Q4 2021 and Q2 2023, accounting for 39% of all victims. A closer look reveals that the Cl0p ransomware group is aggressively working on developing zero-day vulnerabilities, which has resulted in a 9-fold increase in its victims compared to the previous year.
  • The manufacturing sector experienced a 42% rise in victims from Q4 2021 to Q4 2022, highlighting the potential risk to global supply chains. LockBit was responsible for 41% of attacks on manufacturing. 
  • In the healthcare sector, victims increased by 39% during the same period, with the ALPHV (also known as BlackCat) and LockBit ransomware groups being the primary culprits. 
  • Financial services organizations saw a 50% increase in the total number of affected entities compared to the previous year, while the retail sector witnessed a 9% increase in victims.

Why this matters

  • Ransomware collectives are increasingly focusing on data exfiltration. This has now become their main method of extortion. This change in approach shows that relying solely on file backup solutions is no longer adequate to defend against ransomware attacks.
  • Zero-day and one-day vulnerabilities are now becoming a standard part of certain ransomware groups' methods. These vulnerabilities are being exploited in specialized or uncommon platforms and software. 
  • While the use of zero-day vulnerabilities is not entirely new, what's remarkable is how ransomware groups like Cl0p are proactively searching for and exploiting vulnerabilities on a large scale to compromise numerous organizations.

The bottom line

The report points out a growing pattern among ransomware groups, where they increasingly focus on exploiting software vulnerabilities to exert more pressure on businesses for extortion purposes. As businesses continuously strengthen their cybersecurity measures, it becomes crucial to recognize that relying solely on file backup solutions is no longer a comprehensive approach to counter ransomware groups. To address the current challenges effectively, organizations must prioritize proactive actions such as network segmentation and managing vulnerabilities, among others.
Cyware Publisher
