Cybersecurity firm Black Kite has released its latest report, entitled “Ransomware Threat Landscape 2023™: Ransomware Resurgence”. The report analyzes the threat of ransomware attacks and offers detailed insights into attacks carried out between April 2022 and March 2023. The findings reveal that ransomware attacks have resurged this year, with the number of victims almost double that of last April, and 1.6 times higher than the peak month in 2022.
The report also identifies the top targeted industries, including Manufacturing, Professional, Scientific, and Technical Services, and Educational Services. The United States was the top targeted country, accounting for 43% of victim organizations, followed by the UK (5.7%) and Germany (4.4%). The report further reveals that ransomware groups tend to target companies with annual revenues of approximately $50M to $60M, with third-party vendors often being targeted for client information extortion.
Black Kite’s report identifies Lockbit, AlphaVM (BlackCat), and Black Basta as the top ransomware groups during the analysis period. Moreover, the report highlights that over 70% of ransomware victims had an RSI™ (Ransomware Susceptibility Index®) value above the critical threshold of 0.4, indicating their susceptibility to ransomware attacks. The RSI score is generated by Black Kite and measures an organization's susceptibility to ransomware attacks. Common ransomware susceptibility indicators among victims included poor email configuration, recent credential leaks, public remote access ports, out-of-date systems, and IP addresses with botnet activity.
The report also identifies the rise of encryption-less ransomware, underscoring the importance of data protection and regulatory compliance in addition to addressing business interruption risks posed by traditional encryption-based attacks.
“Ransomware groups have increasingly taken on characteristics of an innovative and mature tech company – but as Black Kite Research shows, it is possible to understand their likely next move,” said Ferhat Dikbiyik, head of research at Black Kite. “Our data pinpoints key vulnerabilities, top targets, and more, so organizations can become as agile as the adversary with defensible intelligence. Thinking like a hacker is the first step toward activating effective prevention, response, and recovery for the level of vigilance needed to overcome these sophisticated criminals.”
Bob Maley, CSO at Black Kite, warns that as more ransomware groups exploit vulnerabilities in third-party vendors, businesses will be blindsided unless they continuously monitor their extended ecosystem for susceptibility indicators and the earliest warning signs of risk.
Black Kite’s report highlights the need for businesses to remain vigilant in their cybersecurity efforts, monitor their extended ecosystem for signs of risk, and take steps to protect against ransomware attacks. The report also underscores the importance of data protection and regulatory compliance in addition to addressing business interruption risks posed by traditional encryption-based attacks.
###