Quarterly GRIT Ransomware Report – Q2 2023

With the second quarter of 2023 behind us, it’s time to talk about GRIT’s findings from April, May, and June. Keep reading for a quick summary of the report’s contents, and for the full details and analysis, you can find the complete Q2 GRIT Ransomware Report here.

The rapid evolution of the Ransomware landscape has brought changes to the ways that groups operate, and the GRIT Ransomware Taxonomy has been updated to expand the scope of definitions. These updates account for the rapid rise and fall of groups (made possible by the rise of Ransomware-as-a-Service or RaaS) by providing categories for “Emerging” and “Developing” groups. The changes also clarify the position and role of groups that were previously categorized as “Full-time” groups, switching their designator from “Full-time” to “Established”.

At the end of Q2 2023 there was a 38% increase in the volume of public ransomware victims compared to Q1 2023 and, more shockingly, a 100% increase compared to Q2 of last year. LockBit remains the most prolific ransomware threat group despite a 10% decline in volume in Q2 relative to Q1, and a new file-sharing application vulnerability brought another surge of victims claimed by the Clop ransomware group.

The Manufacturing industry continued to hold top billing in the most targeted industries, keeping its place as the most targeted industry since the GRIT 2022 Annual Report. The Consulting and Insurance industries saw dramatic growth in ransomware attacks, more than doubling the volume of victims in both cases. The United States is still the most impacted country with respect to the number of posted victims and now holds that position by pure majority rather than a plurality. At the end of Q1, GRIT noted an acceleration of targeting in India and that trend has continued, bringing developing economies like India and Brazil.

In Q1, the increasingly crowded RaaS space caused existing groups to evolve their tactics, techniques, and procedures. In Q2, GRIT observed a 260% increase in “First seen” groups compared to Q1, and a large increase in RaaS group activity, likely brought on by the 14 new groups that began operations in this quarter.

You can view the full Quarterly Ransomware Report here.