In 2020, 2021, 2022 and now 2023, BlackFog’s state of ransomware monthly report measures publicly disclosed attacks globally. This year we are also introducing some new statistics based upon unreported incidents, which is a growing trend as organizations try to avoid regulatory penalties, reputation damage and class action lawsuits. We are also proud to have received Gold place for Best Cybersecurity Newsletter of the Year in the 19th Annual 2023 Globee® Cybersecurity Awards for this report.
We have also produced an annual ransomware attack report for 2022. In addition, we have identified some of the key lessons learned from 2022 and the trends and best practices that can be used to mitigate these attacks in the future.
As in previous years we will continue to focus on important statistics such as data exfiltration. If you would like this report delivered to your inbox each month please feel free to register using the link below.
Get our Monthly Ransomware Report as a PDF
The first month of 2023 saw 33 publicly disclosed ransomware attacks, the highest number of attacks we have ever recorded for a January. The education sector topped the victim list with 11 attacks, over a third of all incidents recorded this month. Royal Mail, deemed as “critical national infrastructure” in the UK, was hit by a LockBit attack, causing severe disruption to all overseas deliveries. Clop targeted the New York City Bar, exfiltrating 1.8TB of data and posting some “unkind” words regarding their concern for data safety. Let’s take a look at what other attacks were uncovered this month:
A total of 40 ransomware attacks were publicly reported in February, a 21% increase on January. Government was the most heavily targeted sector, closely followed by healthcare. Several large organizations made headlines, including ION, Five Guys and Dole Foods, while we closed out the month with an attack on the US Marshals. Here’s a summary of who else made ransomware news in February.
March saw the lowest number so far this year with 28 publicly disclosed attacks, representing a 12% increase over 2021 and 2022. As usual, education was heavily targeted during the month and it continues to be the number one vertical, ahead of both government and healthcare. High profile incidents included Maximum Industries, the company responsible for making parts for SpaceX. The LockBit gang claimed the attack and disclosed that they had managed to exfiltrate blueprints. The Clop gang also made news when they launched attacks using a vulnerability in Fortra’s GoAnywhere software to steal data from around 130 organizations, with new victim names continuing to make the news. Let’s take a look at other attacks that made headlines in March.
April was the quietest month for reported ransomware attacks this year with 27 incidents making the news, up from 25 in the previous year. Data giant Western Digital was held to ransom by the BlackCat criminal gang, who extorted them for an 8-figure sum, while luxury German shipbuilder Lüerssen suffered an attack over the Easter break which reportedly caused much of the firm’s operations to come to a standstill. Here’s a look at who else made ransomware headlines during the month.
The month of May was a record-breaker as we recorded a massive 66 publicly disclosed ransomware attacks, the highest we have ever recorded since we started this blog back in January 2020. Royal, LockBit and BlackCat were the most active during the month, while education remained the most heavily targeted sector, with a few attacks on religious organizations also noted which is an uncommon occurrence. Cybersecurity firm Dragos made headlines when they were targeted by a failed extortion attempt, while an attack on health services organization Harvard Pilgrim caused havoc for patient care, and dental insurance provider MCNA informed nearly 9 million patients that their data had been impacted by a cyber incident. Let’s see who else made ransomware headlines in May:
June was the second busiest month of 2023 with 46 publicly disclosed ransomware attacks recorded, not including the victims of the MOVEit attack. Education and healthcare remain two of the most targeted sectors, with eleven and nine attacks respectively. Data exfiltration remains the tactic of choice as cybercriminals continue to focus on extortion. Beverly Hills Plastic Surgery, University of Manchester and Reddit all made headlines when threat actors threatened to publish troves of personal information exfiltrated during the attacks.
Clop made the majority of ransomware headlines this month following a vulnerability in MOVEit file transfer software. Many prominent organizations fell victim to this attack, including British multinational gas & oil company Shell, global accounting firm PwC and a number of US state governments. Those impacted had until June 21st to negotiate with the ransomware group before data was published. The current victim list is massive and growing, and Clop continues to share new entries every day. You can read the victim list in our dedicated MOVEit blog, which is updated with new information as the story unfolds.
Let’s find out who else made the ransomware headlines in June:
We tracked 38 publicly disclosed ransomware attacks in July, representing an 81% increase on 2022 and the busiest July we’ve recorded over the past 4 years. Healthcare was heavily targeted, with 14 attacks on that sector alone. Many large organizations made news headlines during the month, including the Japanese Port of Nagoya, which was forced to deal with massive disruption due to a ransomware attack, while 11 million patients were impacted by the incident at HCA Healthcare, and cosmetics giant Estée Lauder fell victim to an attack from not one, but two ransomware groups. Here’s a summary of who else made ransomware news during the month.