Ransomware Back with a Vengeance in 2023
A marked reduction in ransomware attacks last year seemed to signal that security teams and law enforcement officials had turned the tide against their cyber adversaries. That optimism was premature. The first half of 2023 has seen record numbers of ransomware attacks featuring much larger ransom demands, shifting data targets, and frequent use of double- and triple-extortion tactics.
Reported ransomware attacks reached an all-time monthly high in March of this year with 459 attacks — the most recorded in a single month since analysts began keeping records in 1989. However, the actual number of attacks is likely much higher due to inconsistent reporting. One recent study estimates that more than 80 percent of ransomware attacks go unreported because victims are concerned about reputation damage and potential legal and regulatory consequences.
Average ransom demands have also increased dramatically, rising 144 percent to $2.2 million according to one survey. One of the largest attacks so far this year came with a whopping $80 million ransom demand.
Tactics are changing as well. In addition to encrypting data, threat actors now commonly exfiltrate data and threaten to release or sell the stolen information. Many also threaten to launch distributed denial-of-service (DDoS) attacks if the ransom isn’t paid. In another shift, almost all attacks (93 percent, according to Veeam) now also target backups to limit a victim’s ability to recover.
Major Ransomware Attacks 2023
Here are just a few of the more noteworthy attacks through the first half of 2023:
One of the largest attacks so far this year came with a whopping $80 million ransom demand.
- In January, the CL0P ransomware group exploited vulnerabilities in file transfer tools to steal data from 130 companies within 10 days. The New York City Bar Association was among the targets, with attackers exfiltrating 1.8TB of data. CL0P is considered among the most dangerous ransomware variants because it can disable Windows’ built-in security safeguards such as Windows Defender and Microsoft Security Essentials.
- An ongoing ransomware campaign is targeting VMware ESXi hypervisors across the U.S., Europe, Asia and Canada. Authorities say about 4,000 servers have fallen victim to EXSiArgs ransomware. Analysts say the malware exploits a known flaw to conduct remote code execution.
- The Russia-backed LockBit gang is linked to a number of recent high-profile attacks, including a January attack on Royal Mail, the UK’s leading mail delivery service. That attack prevented UK post offices from processing international post or parcels for more than six weeks. LockBit leaked stolen data when the mail service refused to pay the gang’s $80 million ransom demand. In March, the LockBit gang also exposed the data of about 9 million patients of Atlanta-based Managed Care of North America (MCNA) Dental. Again, the gang published all the stolen files when the company refused to pay a $10 million ransom demand.
- In March, the Money Message ransomware group stole and published the data of 5.8 million patients of PharMerica, a national pharmacy network providing long-term care, senior living, behavioral health, home infusion and specialty pharmacy programs.
- The City of Oakland had to declare a state of emergency and shut down all computer systems to contain a ransomware attack in February. The Play ransomware group took credit for the attack and leaked more than 600 gigabytes of data that included the personal information of thousands of former and current city employees. The city now faces multiple class action lawsuits on behalf of victims.
- The City of Dallas had to shut down online services in early May following an attack by the Royal Ransomware group. Affected services included the municipal court system, the police and fire departments’ computer-assisted dispatch systems, online utility payment systems and public library reservation systems. However, city officials say there is no evidence of a data leak.
Benefits of Managed IT Services from Global Data Systems
- Strategic Managed IT: We help you solve your technology related business problems.
- Connectivity: We get you reliable, secure connectivity anywhere in the western hemisphere in 48 hours.
- Support: When you need help simply call our 24x7x365 support number.
- Billing: Instead of managing hundreds of vendors - get one, easy to read bill from GDS.
Contact Managed Services Provider, Global Data Systems >