Kaspersky Research Reveals Escalation in Ransomware Attacks as International Anti-Ransomware Day Approaches

Kaspersky’s research highlights a significant escalation in ransomware attacks, with every third cyber incident in 2023 attributed to ransomware. The rise of targeted ransomware groups, along with a surge in victims, underscores the urgent need for robust cybersecurity measures and proactive defense strategies.


9 May 2024 – As International Anti-Ransomware Day approaches on May 12, Kaspersky has released its latest research revealing a concerning trend in the global cybersecurity landscape. According to the report, ransomware attacks accounted for every third cyber incident in 2023, with a notable increase in targeted ransomware groups and victims.

Kaspersky’s research spanning 2022 and 2023 showed a 30% global increase in targeted ransomware groups compared to the previous year, along with a 71% surge in known victims of these attacks. Unlike random assaults, these targeted groups focus on government agencies, prominent organizations, and specific individuals within enterprises, showcasing a growing sophistication in cybercriminal tactics.

Lockbit 3.0 emerged as the most prevalent ransomware in 2023, utilizing a builder leak from 2022 to create custom variants targeting organizations worldwide. BlackCat/ALPHV ranked second until December 2023 when a collaborative effort disrupted its operations, demonstrating the resilience of ransomware groups. Cl0p ranked third, impacting over 2,500 organizations by December 2023, notably breaching the managed file transfer system MOVEit, according to New Zealand security firm Emsisoft.

In addition, Kaspersky’s 2023 State of Ransomware report identified several noteworthy ransomware families, including BlackHunt, Rhysida, Akira, Mallox, and 3AM. The rise of Ransomware-as-a-Service (RaaS) platforms further complicates the cybersecurity landscape, emphasizing the necessity for proactive measures.

Kaspersky’s incident response team noted that ransomware incidents accounted for every third cybersecurity incident in 2023, with attacks via contractors and service providers as prominent vectors. Ransomware groups exhibited a sophisticated understanding of network vulnerabilities, employing various tools and techniques to achieve their goals, including the use of well-known security tools and exploiting public-facing vulnerabilities.

Dmitry Galov, head of research center at Kaspersky’s GReAT, emphasized the need for robust cybersecurity measures in the face of evolving ransomware threats. He suggested deploying solutions like Kaspersky Endpoint Security and Managed Detection and Response (MDR) capabilities to fortify defenses against ransomware.

Kaspersky is urging organizations to adhere to best practices aimed at safeguarding operations against ransomware attacks:

  • Keep all software updated to prevent exploitation of vulnerabilities.
  • Focus defense strategies on detecting lateral movements and data exfiltration.
  • Enable ransomware protection for all endpoints and install anti-APT and EDR solutions.
  • Provide SOC teams with access to the latest threat intelligence and professional training.

Author: Terry KS

Share This Post On