Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Sead Fadilpašić

The number of ransomware victims is booming — despite major threats being shut down

Lock on Laptop Screen.

Despite the police dismantling some of the biggest and most dangerous ransomware threats out there, ransomware as a criminal industry continues to flourish. 

A new report from cybersecurity researchers from Palo Alto Networks' Unit 42, which found a 49% increase in victims reported on ransomware leak sites. 

In total, there were 3,998 new entries, posted by various groups, across the dark web. 

Short expiration date on ransomware groups

Unit 42 attributed this surge to high-profile vulnerabilities like SQL injection, which were used on products like MOVEit and GoAnywhere. Those with good memory will remember that Cl0p, for example, abused a zero-day vulnerability in the MOVEit managed file transfer solution to exfiltrate sensitive data on more than 2,000 organizations. Before that, the GoAnywhere fiasco saw firms like Procted & Gamble, or Hitachi, lose sensitive files.

LockBit, ALPHV, and others, all tried to find zero-day flaws to abuse and either install encryptors, or just exfiltrate data and demand ransom. 

As the number of victims grows, at the same time the number of ransomware operators is shrinking. Hive and Ragnar Locker are no more, and so are Ransomed.Vc and Trigona. ALPHV was almost completely dismantled but managed to return, possibly rebranded. 

Furthermore, leak site data revealed the emergence of 25 new ransomware groups in 2023, which the researchers hint shows continued appeal in ransomware as a profitable criminal activity. However, many of these new groups did not last, disappearing in the second half of the year. 

As expected, ransomware operators weren’t really picky when it comes to the target industry, but manufacturing still remained the most affected vertical out there. Most victims - 47% - are located in the United States. LockBit remained the most active group in 2023, followed by ALPHV (AKA BlackCat) and Cl0p.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.