Skip to main content

Ransomware Report 2023: Outpost24 reveals the numbers behind targets, motives, and trends

London, U.K. – 7th February 2023 - After closely monitoring the most active ransomware groups in 2022, the KrakenLabs team at Outpost24 are sharing their latest report that delves deep into the significant ransomware trends, threat groups, victim profiles, and motives behind these attacks from the past year. In total, the researchers identifiied 2,363 disclosed victims by various ransomware groups on Data Leak Sites (DLS) in 2022, with an estimated $450 million paid in ransom by victims

A detailed research report, which is available here, uncovered the following findings surrounding the evolving ransomware landscape:

  • Most active ransomware groups: Existing entities like LockBit, BlackCat, Hive, and Karakurt have demonstrated exponential growth and have surpassed previous records despite the disappearance of prominent threat groups such as CONTI and the old REvil;
  • Frequently attacked countries: From the 101 different countries that registered victims, 42% of them are from the United States. The UK second on the list followed by Canada, Germany and France. In fact, 28% of victims were from Europe.
  • Worst offender: Last year, the ransomware group known as LockBit exhibited a significantly higher level of activity compared to other groups. They were responsible for 34% of all recorded attacks in 2022.
  • Sector most at risk: While critical infrastructure sectors accounted for just over half of the attacks perpetrated (51%), construction was the most targeted sector overall.

The research aims to help individuals and organisations be aware of the latest trends and attack patterns, as well as tactics, techniques, and procedures (TTPs) that ransomware gangs are deploying. Ultimately, helping potential victims to better mitigate the risk.

Further analysis by Outpost24 also revealed time periods in which the tables were turned, and ransomware groups were under DDOS (distributed denial of service) attack. In week 35 of 2022 LockBit group claimed that they were being attacked as a consequence of leaking stolen data from Entrust, a cybersecurity company that was attacked previously by them. Outpost24 KrakenLabs detected that not just LockBit, but many other ransomware DLSs were suffering DDOS attacks during this period. It is likely the attackers were aiming to cause disruption for the ransomware groups during the extortion process.

The recent clampdown of Hive, following REvil, is a positive sign for all however organizations must ensure they keep their guards up against this constant evolving threat by prioritising cyber hygiene through regular vulnerability assessment, security testing and combining detection with threat intelligence to surface risk signals that can help prevent infection. Alejandro Villanueva, Threat Intel Analyst at Outpost24.

To view the report, please click here.


About Outpost24

The Outpost24 group is pioneering cyber risk management with vulnerability management, application security testing, threat intelligence and access management – in a single solution. Over 2,500 customers in more than 65 countries trust Outpost24’s unified solution to identify vulnerabilities, monitor external threats and reduce the attack surface with speed and confidence. Delivered through our cloud platform with powerful automation supported by our cyber security experts, Outpost24 enables organizations to improve business outcomes by focusing on the cyber risk that matters.

Looking for anything in particular?

Type your search word here