Extortionists Target Small Organizations: Time to Close Their IP?

In the first half of 2023, the number of victims of extortion attacks on organizations increased by 47% compared to the second half of 2022, according to a recent report by Trend Micro.

John Clay, vice president for threats in Trend Micro, emphasized that “threats continue to develop, and target audiences are expanding, causing significant financial and reputation damage.”

The study reveals that many cybercriminals are now targeting smaller organizations, which are believed to be weaker, instead of large targets. The leading gangs of extortionists, namely Lockbit, Clop, and BlackCat, predominantly target organizations with up to 200 employees. Lockbit and BlackCat are responsible for majority of the attacks on such organizations: 57% and 45% respectively.

The United States remains the country with the highest number of victims, accounting for almost half of all attacks in the first half of 2023 (949 cases). The United Kingdom (132 cases) and Canada (88 cases) follow closely on the list. Most of the affected countries are located in North America and Europe.

Investigations on attacks against US state bodies in 2022 revealed that LockBit was responsible for one in every six attacks, further emphasizing the constant threat faced by US state agencies.

Extortion as a Service (RAAS) is also on the rise, with a 47% increase in the number of victims from 1,364 in the second half of 2022 to 2,001 in the first half of 2023. Additionally, the number of new groups providing RAAS services increased by 11.3% during the same period.

The Lockbit Exalist Family, the industry leader since 2022, accounted for 26.09% of all attacks, while BlackCat and Clop accounted for 10.59% and 10.09% respectively. Industries such as banks, retail, and transport were the most common targets in the first half of 2023.

In 2022, the average recovery time for retail industries, restaurants, and hotel businesses significantly increased to an average of 2 weeks, compared to 1 week in 2021. This indicates the increasing complexity of extortion attacks

/Reports, release notes, official announcements.