GuidePoint Security published its GRIT Ransomware Report for Q1 2023, which provides insight into the ransomware threat landscape. Here are some shocking ransomware statistics for the quarter.
Serving numbers
GRIT monitored 849 ransomware victims that were publicly disclosed and claimed by 29 distinct threat groups.
According to the report, there has been a 27% rise in publicly disclosed ransomware victims as compared to Q1 2022 and a 25% rise as compared to Q2 2022.
The manufacturing and technology sectors continue to be the most impacted by ransomware. However, the legal industry observed a 65% surge in publicly posted victims from Q4 2022 to Q1 2023, with 70% of these attacks being attributed to the most active "double-extortion" ransomware groups such as LockBit, AlphV, Royal, and BlackBasta.
In the education sector, there was a 17% rise in publicly disclosed victims during the same period, with Vice Society being responsible for 27% of all attacks in the education industry.
U.S.-based organizations constituted the majority of ransomware victims, accounting for 46% (395 out of 851) of all observed victims, followed by the U.K (7.7%) and Germany (4.4%).
Coercion tactics
The researchers noticed a rise in the adoption of innovative coercive strategies by several prominent ransomware groups that employ the double extortion modus operandi. Medusa and AlphV were observed leaking sensitive information to pressure victims into paying up.
At the beginning of 2023, the LockBit ransomware group released chat logs of a negotiation with one of its victims, Royal Mail, which the group claimed had failed.
Although this method is not entirely new, it is probably intended to deter aggressive negotiation tactics and bolster the effectiveness of shaming strategies employed by the ransomware operators.
Other coercive measures adopted by ransomware groups include launching DDoS attacks and selectively leaking data to the public to garner media attention and harm the reputation of targeted organizations.
The bottom line
The uptick in reported ransomware victims during Q1 2023 is indicative of the persistent and industry-agnostic nature of ransomware as a global threat. The researchers anticipate that ransomware activity is not likely to go down in the long term.