6,500+ Ransomware Attacks in 2023: A Record-Breaking Year

In 2023, over 6,500 ransomware attacks were recorded, affecting a record-breaking 117 countries. This surge followed a brief decline in 2022. Throughout the year, the number of ransomware incidents increased by 73%, reaching 6,670 cases. A particularly sharp rise in attacks occurred in June and July, when hackers actively exploited a vulnerability in a popular file transfer tool.

These statistics were compiled by the Ransomware Task Force, established in 2021 by the Institute for Security and Technology. In its 2023 annual report, the group utilized data from eCrime.ch, a platform that collects reports from data leak sites.

According to the report, ransomware targeted 117 countries, with the number of groups behind the attacks rising to 66. In 2022, the figures were lower: 105 countries and 58 groups. The most affected regions were South Asia and South America, where rapid digitalization is underway. The highest number of attacks was recorded in Iran, Pakistan, Brazil, and India. Notably, government structures in Brazil were impacted, while hospitals and financial systems in India were compromised.

Leading groups such as LockBit and AlphV carried out the largest number of attacks, despite law enforcement efforts to curtail their operations. The primary sectors affected included construction, healthcare, and IT.

While some experts suggest that hacker groups may exaggerate the number of victims on their websites, data from eCrime.ch aligns with other estimates, such as reports from the FBI and blockchain research firm Chainalysis. These reports also indicate that 2023 set records both for the number of complaints and the revenues cybercriminals garnered from extortion.

The Task Force expressed concern that the scale, frequency, and sophistication of attacks continue to grow as RaaS (ransomware-as-a-service) models evolve. “The effectiveness of this criminal model remains unchanged, and such crimes are becoming increasingly lucrative. In 2024 and beyond, additional measures must be taken to dismantle it,” the report stated.

It was noted that many recommendations made by the Task Force in 2021 have yet to be implemented. Despite progress in reporting structures and global cooperation, little has been done to prevent ransom payments. Law enforcement agencies continue to urge victims not to capitulate and not to pay the attackers.

As of April 2023, the Task Force observed that some recommendations require legislative changes, but efforts to enhance organizational preparedness and provide financial support to victims remain inadequate.