In 2023, according to a new report by Mandiant, the activity of ransomware programs has significantly increased. The report indicates that the number of publications on data leakage sites rose by 75% compared to the previous year, and Mandiant investigations increased by more than 20%.
It was noted that approximately 33% of new ransomware families in 2023 were variations of previously known programs. Cyber attackers are still utilizing legitimate and commercially accessible tools for their attacks, resulting in a decrease in the use of Cobalt Strike Beacon and an increase in the use of legitimate remote access tools.
In 2023, there was a significant amount of code re-use, duplication of groups, and rebranding of groups in ransomware attacks. Additionally, 33% of incidents involved the deployment of ransomware within 48 hours of cybercriminal access, with over 76% of deployments occurring outside of regular working hours, mainly early in the morning.
Mandiant experts believe that the surge in ransomware attacks in 2023 is partly due to the recovery of the cybercrime ecosystem following a tumultuous 2022. Cybercriminals have returned to active operations using new tactics, techniques, and procedures to increase pressure on their victims.
Ransomware attacks in 2023 targeted organizations in over 110 countries, spanning across various industries. Particularly concerning is the trend of attackers targeting patients of medical institutions, threatening to expose personal data and even making false emergency service calls to increase pressure on healthcare organizations.
The number of publications on data leakage sites hit a record high in 2023, with over 1300 posts in the third quarter alone. The report also highlights a 15% increase in unique sites with at least one publication and a 30% increase in the number of new data sites compared to the previous year. Approximately 30% of the publications in 2023 were on new sites related to ransomware families such as Royallocker.blacksuit, Rhysida, and Redbike.
Mandiant experts recommend utilizing threat protection and deterrent strategies as a measure to safeguard against ransomware attacks, including strengthening infrastructure, data identification, and endpoints.