Incident Response & Threat Intelligence
Threat Advisory

GRIT Annual Ransomware Report – 2022

2022 was yet another year with ransomware topping the charts as the most prolific and impactful threat to our networks, data, and operational capabilities. With 2,507 publicly posted victims across 40 industry verticals, ransomware groups posted an average of 6.87 victims per day to their respective leak sites. GRIT tracked 54 groups using a double-extortion methodology, many of which rely on a Ransomware as a Service (RaaS) model to increase productivity and maximize revenue.

The first quarter of 2022 started high with a posting rate that mirrored the value of Bitcoin, and as the price of Bitcoin became more volatile, so did the rates of victim postings, to a degree. Despite the volatility of cryptocurrency, ransomware victim postings remained frequent, as no quarter saw fewer than 569 total victims. Significant events, including the rebranding of Conti and the change in version from Lockbit2 to Lockbit3, also influenced the rates of ransomware victims and led to some volatility; however, yearly trends show that 2022 ended on a high note for ransomware groups.

Unsurprisingly, as 2022 progressed, the United States and other Western countries were the main targets of ransomware groups. Western countries made up 77% of all publicly posted victims in 2022, with the United States accounting for 38.9% of total victims claimed by ransomware groups.

Similarly, manufacturing and technology were consistently the most targeted industries, with construction and healthcare following close behind. Much of the top 10 remained consistent during 2022, although there was some movement within it from month to month.

As GRIT’s methodology introduced the concept of ransomware group categories, we began to take a deeper and more granular look into how ransomware groups operate, how they target, and some of the characteristics that make them unique. To kick this annual report off, we will cover the ransomware group taxonomy we created over the course of the year, then we’ll dive deep into 2022 to examine ransomware statistics and trends. If you just want a breakdown of the Q4 numbers, we’ll separate those out after the annual review. Finally, we’ll finish with a look at 2023 with some predictions of what we can expect, as ransomware will likely continue to be front and center as the most impactful cybersecurity threat we must defend against on a daily basis.