Ransomware incidents will affect 117 countries by 2023, task force says

More than 6,500 ransomware attacks were recorded in 2023, reaching a record 117 countries around the world, after a brief dip in 2022.

There was a 73% year-on-year increase in attacks to 6,670 ransomware incidents, with notable spikes in June and July due to the exploitation of a popular file transfer tool.

The numbers were collected by the Ransomware Task Force, which was organized in 2021 by the nonprofit Institute for Security and Technology and is a public-private consortium made up of cybersecurity experts, government officials and more.

In its 2023 annual report, the organization used data from eCrime.ch, which aggregates messages posted on data breach sites, as a primary source of information.

The task force found that at least 117 countries experienced ransomware incidents launched by 66 different groups. For 2022, the numbers were slightly lower: 105 countries and 58 ransomware gangs.

The 2023 data shows an increase in ransomware activity in South Asia and South America – two regions that are rapidly digitizing. Iran, Pakistan, Brazil and India saw the biggest increases, with Brazil suffering attacks on its presidential office and India experiencing incidents affecting its hospitals and financial systems.

LockBit and AlphV, two ransomware-as-a-service groups taken down by police this year, led the way with the highest number of attacks in most regions. Gangs targeted the construction sector as well as healthcare and IT.

While some experts believe ransomware gangs often lie about some victims they post on leak sites, eCrime.ch’s figures are consistent with other assessments from the FBI and blockchain research firm Chainalysis. Both have released reports illustrating that 2023 was a record year in terms of ransomware complaints and revenue from the attacks.

The Ransomware Task Force lamented evidence showing that “the scale, frequency and complexity of incidents continue to increase as cybercriminals refine the RaaS model.”

“The fundamental criminal effectiveness of the RaaS model has not changed, and these crimes are becoming increasingly profitable over time. Additional efforts must be made in 2024 and beyond to disrupt this model,” the group said.

The report states that half of the recommendations made by the task force in a report on ransomware in 2021 have still not been fulfilled. While progress has been made in incident reporting structures and global cooperation, little has been done to address the continued flow of ransom payments. Law enforcement agencies encourage ransomware victims to avoid making payments if possible.

The Ransomware Task Force said in April that while some of the recommendations require legislative action, many of the efforts to better prepare organizations for attacks and provide financial support to those affected are still insufficient.

“Governments have not taken all necessary further measures to combat ransomware,” the report said.

More information.