2023 was a big year for ransomware groups, even as law enforcement around the world continued to crack down on attackers. Unit 42, Palo Alto Networks' threat intelligence team, found that ransomware leak sites reported a 49% increase in the number of victims, with the total number of posts made by different ransomware groups on these sites approaching 4,000.
Unit 42 said this rise is due to the huge impact of attacks that exploit zero-day vulnerabilities, security vulnerabilities that developers have not discovered yet. As one example, it points to the U.S. government linking the hackers behind the MOVEit Transfer software attack to the CL0P ransomware gang. The Cybersecurity and Infrastructure Security Agency estimates that more than 3,000 U.S. organizations and more than 8,000 organizations worldwide were compromised as a result of the hack.
Nearly half of the ransomware victims identified by Unit 42 were in the United States, with the industries most affected being manufacturing, professional and legal services, and high technology.
Unit 42 discovered 25 new leak sites offering ransomware services last year. But it said at least five sites appeared to have shut down because they had not published new posts in the second half of the year. Unit 42 said these roughly two dozen new websites accounted for 25% of the total ransomware posts in 2023.
Still, the prominence of some ransomware groups has attracted the attention of law enforcement, which has been successful in some cases, Unit 42 said. The team praised law enforcement for its role in dismantling groups such as Hive and RagnarLocker in 2023. According to the U.S. Department of Justice, Hive collected $100 million in ransom and caused significant damage, including at a hospital that was paralyzed and unable to accept new patients after being attacked. According to European law enforcement, RagnarLocker attacked critical infrastructure including Portugal's national airline and Israeli hospitals.
Chainalysis, a blockchain data company, recently released its own report on cryptocurrency crime trends. According to preliminary findings, the company found that the total value of illegal cryptocurrency activity declined in 2023, but ransomware revenue increased. Chainalysis believes that "ransomware attackers have adapted to organizations' cybersecurity improvements."