In 2023, Extortionists Raked in Over $1 Billion in Ransom Payments

Analysts from Positive Technologies have reported that 2023 was marked by record ransom payments to operators of ransomware, as well as a noticeable increase in the scale and complexity of ransomware attacks. Last year, ransom payments totaled over $1 billion, the highest in history.

According to researchers, medical organizations suffered the most from ransomware attacks last year (18% of all incidents occurred in the medical sector), leading to the closure of some facilities, redirection of ambulances to other hospitals, and delays in providing medical services.

For example, the American medical company Prospect Medical Holdings faced serious damage from an attack by the Rhysida group. The Russian laboratory service “Helix,” according to the media, was also by ransomware. Attackers attempted to disrupt the operation of laboratory complexes and provoke the leak of personal data, resulting in delays in delivering research results to clients. The company stated that they were able to avoid the loss of sensitive data.

The top four most targeted industries by ransomware attacks at the end of the year also included organizations in the fields of science and education (14%), government institutions (12%), and industrial organizations (12%).

Most ransomware was distributed via email (62%) and by compromising computers and servers (35%).

According to Positive Technologies, in 2023, cybercriminals shifted from simple encryption to the threat of publishing stolen data. If the attackers’ goal is not to disrupt the victim company’s core business but to obtain financial gain, attacks may occur without encryption at all: criminals may demand ransom, threatening to publicly disclose the stolen data (double extortion).

As a result, ransom payments exceeded $1 billion in 2023, the highest in history.

For instance, as a result of an attack, one of the largest companies in the hospitality and entertainment business, Caesars Entertainment, amounting to $15 million. The company agreed to pay ransom to the attackers (initially, the criminals demanded twice as much from the company – $30,000,000), who threatened to publish the stolen customer data from the loyalty program.

“In 2023, the focus shifted from encryption to the use of stolen data for financial gain through extortion. This trend emerged due to organizations implementing more comprehensive security measures – from the perspective of attackers, this makes ransomware attacks less effective. In addition, moving away from encryption and towards extortion through the threat of publishing stolen data may be related to security specialists developing various decryptors,” commented Irina Zinovkina, head of the research group at Positive Technologies.

0 / 5

Your page rank:


Subscribe: YouTube page opens in new windowLinkedin page opens in new windowTelegram page opens in new window

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment