Prominent ransomware gang shut down
LockBit, the most prominent ransomware cartel of the past several years, had its dark web domain seized. Law enforcement agencies from the UK, U.S, and Europol issued an official announcement on the gang'' bust via LockBit's leak site.
According to data presented by the Cybernews tool Ransomlooker, the most active group in 2023 was LockBit. Ransomware groups that the tool tracked claimed they successfully targeted 4,191 victims in 2023. Cybernews researchers report that the number of ransomware attack victims increased by 128.17% compared to the previous year (2022), with 1,837 additional incidents.
Based on Ransomlooker, which is a free Cybernews tool for monitoring the dark web and other hidden areas of the internet, more ransomware attacks occurred in spring and summer, with 1,253 and 1,275 victims, compared to winter and autumn, which had 611 and 1052 incidents, respectively. Winter was the least active time (14.6% of attacks in 2023), while summer was the most active for ransomware attacks (30.4%).
According to the data presented by the Cybernews research team, 66 active ransomware groups were identified and operating within the digital landscape in 2023. The top 10 groups, based on the number of victims, collectively account for 59% of the total victims in 2023.
LockBit remained the most active group through 2023. They claimed responsibility for most victims, with 1009 incidents constituting nearly a quarter of all ransomware victims in 2023. This group primarily focused its attacks on the construction, manufacturing/industrial, and retail industries.
The most targeted state in the US: California
In Cybernews' analysis of Ransomlooker data on the most targeted countries over the past four years, a consistent pattern is seen, with the same top five countries featuring heavily: the United States, United Kingdom, Canada, Germany, and France.
The U.S. consistently takes the first position, significantly surpassing other countries, with a victim count sometimes nearly 10 times greater than the second-ranked country.
While this trend can be attributed to the size of the U.S. and its large number of companies as potential ransomware victims, the presence of the same top five countries highlights the focus of cybercriminals on Tier 1 nations with substantial capital and solid financial standings.
There were 1,323 ransomware attacks in the U.S.
The top 10 states with the highest attack numbers were:
- California (12.2% of attacks)
- Texas (9.5%)
- Illinois (5.4%)
- New York (5.2%)
- Florida (4.3%)
- Michigan (3.9%)
- Pennsylvania (3.85%)
- Ohio (3.8%)
- Georgia (3.6%)
- Massachusetts (3.5%)
You can read the full ransomware landscape overview 2023 here.
The research was done by the Cybernews security research team. The data provided in this report has been collected up to December 19th, 2023.