Report: 117 countries were exposed to ransomware attacks during 2023
These attacks targeted vital sectors such as healthcare , finance, and information technology, and caused huge financial losses and disruption to many essential services, highlighting the urgent need to enhance cybersecurity worldwide.
The most important findings of the report:
The Ransomware Task Force report from the Institute for Security and Technology ( IST ) – a non-profit organization founded in 2021 to address the challenges emerging technologies pose to global security and society – found that 66 different criminal groups carried out ransomware attacks in 2023, targeting 117 countries, compared to 105 countries in 2022.
The report, which relied on data from eCrime.ch, a platform specializing in gathering information about ransomware attacks, indicated that the attacks peaked in June and July, largely due to the exploitation of security vulnerabilities in popular file transfer tools, such as MOVEit and GoAnywhere.
Which countries are most targeted by ransomware attacks?
The report showed that all of South Asia and South America were among the most targeted regions in the world by ransomware attacks in 2023, given the countries’ significant interest in digital transformation processes.
Countries such as Iran, Pakistan, Brazil and India have seen a significant increase in these attacks, with Brazil facing attacks on its presidential office and India experiencing incidents affecting its hospitals and financial systems.
Trend Micro reported that Brazil was the second most vulnerable country in cyberspace in the first half of 2023, after the United States.
Lockbit and AlphaV have dominated the global ransomware landscape over the past year, carrying out the majority of recorded attacks, targeting critical sectors such as construction, healthcare, and IT.
The report indicated that the “malware as a service” model has contributed significantly to the spread of these attacks, as this model allows small and medium-sized groups to obtain advanced tools and software to carry out complex attacks, which expands the scope of targeting to include companies of various sizes.
Record numbers:
The report also revealed that ransomware gangs made huge sums from these attacks in 2023 alone, with total ransom payments exceeding $1 billion in 2023, a new record, according to Chainalysis, a cryptocurrency analysis firm.
The FBI's Internet Crime Center (IC3) also recorded more than 2,825 ransomware-related complaints from the US public alone during the same year.
Much of this increase is attributed to a number of large and sophisticated attacks targeting organizations and companies around the world, most notably the CL0P group’s exploitation of vulnerabilities in the MOVEit file transfer tool, which alone contributed to approximately 666 incidents in 2023. This widespread exploitation is likely the main reason for the sharp increase in incidents recorded in June and July 2023.
What are the reasons for the rise in ransomware attacks in 2023?
The report revealed a large gap in the implementation of recommendations aimed at combating ransomware crimes, as it confirmed that half of the recommendations made by its preparation team in 2021 were not implemented by companies and the business sector, especially with regard to refusing to pay ransom.
The continued payment of ransoms demonstrates the need for radical solutions to combat these attacks. International cooperation and improved reporting mechanisms are important steps, but they are not enough as long as victims continue to pay ransoms, as this behavior encourages criminals to repeat their attacks and leads to significant economic losses.
In the same context, the Ransomware Task Force noted in its report issued last April that some recommendations require legislative amendments, but more importantly, efforts to enhance the preparedness of companies and institutions to confront ransomware attacks are still insufficient. The report concluded that governments have not made enough efforts to combat these dangerous attacks.