Report: 117 Countries hit by Ransomware Attacks in 2023
A new report has revealed an unprecedented rise in ransomware attacks worldwide in 2023, with the number of recorded attacks exceeding 6,500, across 117 countries, representing a 73% increase compared to 2022.
These attacks targeted vital sectors such as healthcare, finance, and information technology, and caused huge financial losses and disruption to many essential services, highlighting the urgent need to strengthen cybersecurity worldwide.
Key findings of the report:
The Ransomware Task Force report issued by the Institute for Security and Technology (IST) – a non-profit organization established in 2021 to address the challenges posed by emerging technologies to global security and society – showed that 66 different criminal groups carried out ransomware attacks in 2023, targeting 117 countries, compared to 105 countries in 2022.
The report, which relied on data from the platform (eCrime.ch) specialized in collecting information on ransomware attacks, indicated that attacks peaked in June and July, largely due to the exploitation of security vulnerabilities in popular file transfer tools, such as: (MOVEit) and (GoAnywhere).
Which countries are most targeted by ransomware attacks?
The report showed that all of South Asia and South America were among the most targeted regions in the world by ransomware attacks in 2023, given the countries’ significant interest in digital transformation processes.
Countries such as Iran, Pakistan, Brazil, and India have seen a significant increase in these attacks, with Brazil facing attacks on its presidential office and India experiencing incidents affecting its hospitals and financial systems.
Trend Micro reported that Brazil was the second most vulnerable country in cyberspace in the first half of 2023, after the United States.
Lockbit and AlphaV groups dominated the global ransomware landscape over the past year, carrying out the majority of recorded attacks, targeting vital sectors such as construction, healthcare, and information technology.
The report noted that the “malware-as-a-service” model has contributed significantly to the spread of these attacks, as this model allows small and medium-sized groups to obtain advanced tools and software to carry out complex attacks, expanding the scope of targeting to include companies of all sizes.
Record numbers:
The report also revealed that ransomware gangs generated huge sums from these attacks in 2023 alone, with total ransom payments exceeding $1 billion in 2023, a new record, according to cryptocurrency analysis firm Chainalysis.
The FBI’s Internet Crime Center (IC3) also recorded more than 2,825 ransomware-related complaints from the US public alone during the same year.
A large part of this increase is attributed to a number of large and sophisticated attacks targeting organizations and companies around the world, most notably the CL0P group’s exploitation of vulnerabilities in the MOVEit file transfer tool, which alone contributed to about 666 incidents in 2023.
This widespread exploitation is likely the main reason for the sharp increase in incidents recorded in June and July 2023.
What are the reasons for the rise in ransomware attacks in 2023?
The report revealed a significant gap in the implementation of recommendations aimed at combating ransomware crimes, as it confirmed that half of the recommendations made by its preparation team in 2021 were not implemented by companies and the business sector, especially with regard to refusing to pay ransom.
The continued payment of ransoms demonstrates the need for radical solutions to confront these attacks, as international cooperation and improving reporting mechanisms are important steps, but they are not sufficient as long as victims continue to pay the ransom, as this behavior encourages criminals to repeat their attacks and leads to significant economic losses.
In the same context, the Ransomware Task Force indicated in its report issued last April that some recommendations require legislative amendments, but what is more important is that the efforts made to enhance the preparedness of companies and institutions to confront ransomware attacks are still insufficient. The report concluded that governments have not made enough efforts to combat these dangerous attacks.