Global ransomware attacks were up over 95% in 2023 over 2022 and reached a new record high, according to the Q3 Ransomware Report recently published by Corvus Insurance. Q3 saw an 11.22% increase over Q2, with 1,278 total victims on ransomware leak sites, where the data for the report was collected.
“So far, 2023 ransomware victim numbers have already surpassed what was observed for the entirety of either 2021 or 2022,” the report states. “If things continue on the current trajectory, this could be the first year with over 4,000 ransomware victims posted on leak sites.” The report also notes that this is not the full picture: “Victims posted on leak sites typically don’t pay or delay paying a ransom. But a significant percentage of victims, with best estimates being between 27%-41%, quickly pay threat actors’ demands and thus are never observed on a leak site.”
The industries that experienced the most significant increase in ransomware attacks were law practices at +70%; government at +90%; oil and gas at +142%; and manufacturing at +60%, according to the report.
Factors Contributing to Rising Attacks
According to Corvus, “Usually fairly quiet, CL0P, [a ransomware group,] sprung to life in Q1 by exploiting GoAnywhere file transfer software, impacting over 130 victims. In Q2, they followed up with the mass exploitation of a zero day vulnerability in MOVEit file transfer software totaling 264 victims at the time of this report. The single MOVEit vulnerability accounted for 9% of Q2’s total and 13% of victims in Q3, which contributed significantly to a steadily increasing victim count.” The report notes that, even without CL0P, ransomware numbers would be up 5% in Q3 compared to Q3 2022, and 70% year-over-year in Q3; however, prior to 2023, CL0P only made up a small total of ransomware victims and now represent a significant portion of the total.
Another factor, according to Corvus, was “an unusually long summer break.” Ransomware tends to follow seasonal patterns, the report states. “Cybercrime is perpetrated by human attackers who need to blow off some steam and spend that stolen cash, sometimes on lavish vacations.” As such, a decrease in ransomware is usually seen during the summer months; however, “that decrease came later and was much shorter than we typically observe…[with a] decrease in June as expected. But then ransomware spiked until the end of July and the first half of August.”
Barracuda Networks Identifies AI as a Culprit
Commenting on the trends outlined in the Corvus report, CLM Member Edward F. Donohue, partner, Hinshaw & Culbertson LLP, says, “The increase in ransomware attacks was identified by Barracuda Networks in July of 2023 and was then followed by many alerts on the problem since that time. Barracuda studied the period of August 2022 to July 2022 and found that ransomware attacks had doubled over that period. Barracuda identified the source of the increase was the misuse of AI [artificial intelligence] generative tools to make phishing and ransomware attacks more effective. AI tools can be used to create polymorphic malware that is more efficient in evading security screens.
“The AI tools are being used to make malicious emails appear highly credible,” Donohue continues. “AI conducts advanced research on the victim to make the phishing email appear to come from a safe sender with contextual knowledge. Essentially, that means the phishing email reveals information that only someone with a high level of knowledge of the victim and those with whom they interact would know. It eliminates badges of phishing ranging from typos to making other errors that could have put the recipient on alert that the email was malicious in the past.”