Ransomware groups are shifting their focus away from larger targets

One in every six ransomware attacks targeting US government offices was traced back to the LockBit ransomware group, according to Trend Micro.

Overall ransomware attack victim numbers increased by 47% from H2 2022.

“We’ve observed a significant increase in the number of ransomware victims since the second half of 2022. Threat actors continue to innovate, target more victims, and cause significant financial and reputational damage. Organizations of all sizes must prioritize and enhance their cybersecurity posture,” said Jon Clay, VP of threat intelligence at Trend Micro.

US tops ransomware chart

The report revealed that many ransomware threat actors are no longer going after “big game” targets, instead focusing on smaller organizations they presume to be less well-defended.

LockBit, Clop, and BlackCat are the three prominent ransomware groups with the greatest number of successful attacks in the first six months of 2023.

Organizations of up to 200 employees accounted for a majority (57%) of LockBit victims and a plurality (45%) of Black Cat victims in the first half of this year. For Clop, large enterprises accounted for 50%, with small businesses comprising 27%.

US-based organizations remain a prime target for ransomware operators, with the highest number of ransomware victims in the first half of 2023 (949) – accounting for nearly half of all ransomware attacks. This figure represents a 69.94% increase compared to the second half of 2022. The UK (132) and Canada (88) were the next most affected countries.

Most of the countries affected by ransomware attacks are in North America and Europe, with the exception of Australia, India, and Brazil.

The incidence of ransomware attacks targeting US government offices in 2022 has revealed that the LockBit ransomware group was responsible for one in every six of these attacks. This highlights the persistent threat posed to government agencies in the US.

Ransomware attacks are becoming more complex

47% increase in new Ransomware as a Service (RaaS) victims, from 1,364 in 2H 2022 to 2,001 in 1H 2023. 11.3% increase in the number of new RaaS groups over the period to 69 in 1H 2023.

LockBit, the top ransomware family since 2022, accounted for 26.09% of total victim organizations, with BlackCat and Clop responsible for 10.59% and 10.09% of attacks, respectively. The banking, retail, and transportation sectors were the most targeted in 1H 2023.

IT, healthcare, and manufacturing emerged as the most targeted sectors in terms of ransomware file detection.

Ransomware attacks will continue to be the bane of organizations of all sizes. And as ransomware attacks become more evolved and complex, it’s not just ransom demands that will increase through the years: Recovery times are also expected to be longer. In fact, the average recovery time for the retail, restaurant, and hospitality industries was 14.9 days last year — a 91% increase from 2021’s 7.8 days.