According to the October 2023 ransomware report compiled by GuidePoint Security's Research and Intelligence Team (GRIT), there was a significant cooling off of ransomware incidents in October as compared to the very active month of September 2023. There was a noticeable 32% reduction in victims targeted by threat actors, following a previous spike in the recorded victims. Despite the slowdown, October's reported victim numbers still significantly outnumber those from the beginning of 2023.
Grayson North, Senior Threat Intelligence Analyst at GuidePoint Security, reported that even though the volume of victims had reduced, there was no major decline in the number of active ransomware groups. Larger groups, termed "Established" groups by the publishing team, remain largely unchanged while smaller and newer "Ephemeral" and "Emerging" groups continue to demonstrate signs of resilience and continuity in a chaotic sector.
As conflict continues to rise in the Middle East, numerous ransomware actors have openly professed their allegiance, announcing their intent to execute cybercrimes in support of their preferred party. Nationalised hacktivism often manifests as DDoS attacks or website defacements, but there exists the possibility of ransomware actors shifting their victimology to target one side of the conflict. This operational shift is likely too recent to be reflected in the data, with the countries most affected by ransomware still being the United States, Canada, and the United Kingdom.
The Manufacturing industry remains the sector most impacted by ransomware intrusions. Healthcare, Education, Retail, and Consulting, all of which exhibited substantial growth in the last few months, are other sectors commonly targeted. The surge in reported victims within the Retail and Wholesale industry in recent months is a trend that is likely to continue as the holiday shopping season looms, causing a flurry of activity for retailers.
Interestingly, statistics from October point to the resurgence of the ransomware group Clop and the emergence of a few other Ephemeral and Emerging groups. The spotlight this month was on NoEscape’s steadily expanding operations. Rising from a "Rebrand" group that emerged in May 2023, NoEscape has since evolved into a serious threat to cybersecurity.
There were noticeable shifts in ransomware activity in October, as 22 of the 35 active groups showed a decrease in victims compared to September 2023. The report showed a spike in activity over three distinct days, mostly due to mass posts from the ransomware group Play and a significant mass post on October 31 by NoEscape. Even though this reduction in victims is significant, the overall observed ransomware posts still greatly exceed the figures from October 2022, providing an ominous indication that ransomware activity continues to surge upwards.
By country, the US leads in the total number of victims, but its figure fell by 83 from September to October, down to 164 victims, which is below the average monthly total for 2023 (184 victims). The UK, on the other hand, saw an increase of 33 victims, which starkly contrasts with the substantial 76% decrease in victim count in Germany.
As we move towards 2023's conclusion, it's notable that the ransomware landscape continues to present significant challenges. The highly prolific nature of ransomware operations continues to cause concern, with the Reinventing, Established and Developing groups showing no signs of slowing down their attacks. As the year enters its final stage, the necessity to guard against and fight ransomware remains as vital as ever.