Ransomware activity in 2023 experienced a significant increase, with Mandiant reporting a rise in the number of ransomware families and a shift in deployment timelines [2].


This surge in activity spanned over 110 countries, aligning with reports of over $1bn paid to ransomware attackers in 2023 [3]. Mandiant observed a 30% increase in the creation of new data leak sites [2], with over 1,300 posts recorded during the third quarter of 2023 [2]. The leak sites contained sensitive data stolen from victim organizations [2], with nearly 60% of incidents involving confirmed or suspected data theft [2]. Attackers used tools like Rclone to exfiltrate data to commercial storage services or attacker-controlled infrastructure [2]. Additionally, newer ransomware variants emerged in 2023, with around one third of them being variations of previously identified families [1]. ALPHV operators took further steps to pressure victims by creating a searchable victim data website and releasing an API for their DLS. In November 2023 [1], ALPHV/BlackCat-affiliated actors filed a complaint with the SEC against MeridianLink for not disclosing a data breach [1]. Furthermore, newer RaaS operations like Trigona and Kuiper began accepting multiple cryptocurrencies [1], with Kuiper ransomware operators showing a preference for being paid in Monero to conceal their activities.


The increase in ransomware activity in 2023 poses significant risks to organizations worldwide, with data breaches and financial losses on the rise. It is crucial for businesses to enhance their cybersecurity measures, including regular data backups, employee training, and the implementation of robust security protocols. As ransomware attacks continue to evolve, it is essential for organizations to stay vigilant and proactive in defending against these threats to safeguard their sensitive information and financial assets.


[1] https://cloud.google.com/blog/topics/threat-intelligence/ransomware-attacks-surge-rely-on-public-legitimate-tools
[2] https://www.techtarget.com/searchsecurity/news/366587481/Mandiant-Ransomware-investigations-up-20-percent
[3] https://www.infosecurity-magazine.com/news/ransomware-rise-2023-mandiant/