GuidePoint Research and Intelligence Team’s (GRIT) 2023 Q3 Ransomware Report Is Out

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, today announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q3 2023 Ransomware Report. This report is based on data obtained from publicly available resources, including threat groups themselves, and insight into the ransomware threat landscape. GRIT observed a nearly 15% increase in ransomware activity since Q2 due to an increased number of ransomware groups, including 10 new Emerging groups tracked during this quarter. In the third quarter, GRIT tracked 1,353 publicly posted ransomware victims claimed by 46 different threat groups. Through the first three quarters of 2023, GRIT has tracked a total of 3,385 publicly posted ransomware victims claimed by 57 different threat groups, representing an 83% YoY increase.

GRIT’s latest Ransomware Quarterly Report examines the large-scale ransomware attacks against MGM Resorts and Caesars Entertainment, highlighting possible seasonal targeting of the Entertainment, Hospitality, and Tourism (EHT) industry. Other notable Q3 ransomware events included the end of Clop’s MOVEit campaign, LockBit’s return to a high operational tempo, and Bianlian’s sustained capabilities despite moving to an exfiltration-only model, all of which have contributed to this quarter’s rise in ransomware activity.

Key Highlights of the Report:

  • The Manufacturing and Technology industries were the 1st and 2nd most impacted by ransomware, followed by Retail & Wholesale as the 3rd most impacted. The Retail & Wholesale vertical has experienced a steady quarterly climb in observed victims throughout the year, jumping from 9th place with 38 victims in Q1 to its current spot in the top three with 98 victims. 
  • While US-based organizations saw an increase in total observed victim count in Q3 2023, the percentage of attacks directed against US-based organizations – decreased by 3.3%, reflecting a marked increase in attacks impacting other nations. In particular, United Kingdom-based organizations saw an increase from 59 victims in Q2 to 83 in Q3, an approximate 40.7% quarter-over-quarter increase.
  • The top three most active ransomware groups were Lockbit, Clop, and Alphv. LockBit posted roughly the same number of victims in Q2 as in Q3, totaling 770 victims for the year thus far. Clop activity in Q3 stemmed almost entirely from its mass exploitation of a vulnerability in the MOVEit managed file transfer software, which resulted in a 5% total increase in victims from Q2 to Q3. While Alphv experienced a modest decrease in total victim volume and market share between Q2 and Q3, it retained its position as one of the most impactful ransomware groups, claiming responsibility for more than 10 healthcare victims as well as the MGM resorts breach.
  • Two of the top 10 most active ransomware groups, Bianlian and Akira, have continued to be impactful despite each group having a public decryptor released by security researchers in 2023.

For more information on GRIT’s 2023 Q3 Ransomware Report:

Leave a Reply

%d bloggers like this: