Ransomware 2023 numbers: 100 million stolen records, $27.4 million average demand, attacks up by 84%

Law enforcement scored some big recent successes against ransomware groups: the FBI significantly disrupted ALPHV/BlackCat’s infrastructure at the end of December, just months after Ragnar Locker watched as Europol did the same across Europe. However, that doesn’t mean the ransomware threat is over. Far from it, as two new pieces of analysis reveal.

First with the statistics is Comparitech, specifically its Map of Worldwide Ransomware Attacks. This shows that the number of data records stolen by ransomware groups increased dramatically between 2022 and 2023.

“Over 102.4 million records were breached via ransomware attacks on tech companies in 2023 – a staggering 2,300 per cent increase on 2022’s figure of 4.26 million,” Rebecca Moody, Head of Data Research at Comparitech, says. “It’s also the highest number recorded across any industry since we began tracking confirmed ransomware attacks in 2018.”

That said, the MOVEit attack accounted for more than 90 million of those records. A single exploited vulnerability, one that numerous organisations were unprepared for, opened the door to multiple large enterprises across almost every industry sector.

The more data on the table, the higher the total ransom payday and the keener victims are to pay a negotiated price.

Average ransomware demand in 2023

What was the average ransom demand in 2023, I hear you ask? Let me answer by saying that, according to the Comparitech numbers, it was a hefty $3 million across 2022. In 2023, that rose, although rocketed might be a better word, to $27.4 million.

This is based on ransoms that were initially demanded and are publicly known. However, those figures are likely to be orders of magnitude higher than the amounts actually paid once negotiations and flat refusals are factored in.

Meanwhile, NCC Group’s Threat Intelligence team has reported today that December ransomware attacks fell by 12% compared to November, which is the good news. The bad news is that it represented a 45% increase from December 2022. Year on year, NCC saw an 84% increase in 2023 attacks compared to the year before.

New ransomware attackers?

Perhaps the most interesting detail to emerge from this analysis is the part that new ransomware groups played last year.

It should be pointed out that new groups don’t necessarily mean new players. The data suggests that the Hunters group, for example, which ended the year accounting for 6% of attacks according to NCC, is thought to be the rebranded Hive gang that was disrupted by law enforcement earlier in the year.

Another group, WereWolves, also featured in the top ten list but is thought to be a LockBit affiliate.

“Closing 2023 with over 4,000 global ransomware attacks is reflective of the sharp rise of cyber-criminal activity compared with 2022,” says Matt Hull, Global Head of Threat Intelligence at NCC Group. 

“Over the year we’ve seen the development of sophisticated attack methods, allowing both new and old threat groups to exploit vulnerabilities of victims across a range of sectors and in particular, present threats to healthcare where we’ve seen notable successful attacks over the last 12 months with vast volumes of data being compromised.”

Davey Winder

With four decades of experience, Davey is one of the UK's most respected cybersecurity writers and a contributing editor to PC Pro magazine. He is also a senior contributor at Forbes. You can find him at TechFinitive covering all things cybersecurity.