Security News > 2023 > October > Ransomware groups continue to increase their operational tempo
GuidePoint Research and Intelligence Team observed a nearly 15% increase in ransomware activity since Q2 due to an increased number of ransomware groups, including 10 new emerging groups tracked during this quarter.
Through the first three quarters of 2023, GRIT has tracked a total of 3,385 publicly posted ransomware victims claimed by 57 different threat groups, representing an 83% YoY increase.
"Q3 of 2023 marked the largest volume of public ransomware victims that GRIT has observed since we began tracking the ransomware ecosystem for the last 2 plus years," said Drew Schmitt, Practice Lead, GRIT. "The ransomware ecosystem as a whole is on pace to nearly double its number of publicly posted victims year over year despite a lesser increase in the number of threat actors. This suggests that many of the groups we are tracking are continuing to increase their operational tempo, but also may be the result of many organizations not being willing to pay the ransom demand," added Schmitt.
Other notable Q3 ransomware events included the end of Cl0p's MOVEit campaign, LockBit's return to a high operational tempo, and Bianlian's sustained capabilities despite moving to an exfiltration-only model, all of which have contributed to this quarter's rise in ransomware activity.
Cl0p activity in Q3 stemmed almost entirely from its mass exploitation of a vulnerability in the MOVEit managed file transfer software, which resulted in a 5% total increase in victims from Q2 to Q3. While Alphv experienced a modest decrease in total victim volume and market share between Q2 and Q3, it retained its position as one of the most impactful ransomware groups, claiming responsibility for more than 10 healthcare victims as well as the MGM resorts breach.
"Standalone ransomware groups may choose to continue this trend as part of their long-term operations, while Ransomware as a Service groups may pursue data-only exfiltration as a stop-gap while developing new encryptors or pursuing Rebrands."
News URL
https://www.helpnetsecurity.com/2023/10/26/ransomware-activity-q3-2023/