In 2023, ransomware attacks have seen an unprecedented rise, representing one of the biggest threats to enterprise cybersecurity.
In this article we will explore the latest ransomware trends this year, highlighting the most significant cases. In addition, we will provide practical tips and protective measures to help you safeguard your data and keep your business safe from this growing threat.
Ransomware attack trends in 2023
Four main factors explain the worldwide boom in ransomware attacks so far this year:
- Increased sophistication and diversification of ransomware variants.
- Expansion of double extortion tactics and leakage of sensitive data.
- Specific targets: companies in critical sectors and service providers.
- Use of advanced evasion and encryption tools and techniques.
Worldwide ransomware cases in 2023
During this year, ransomware attacks have become an increasingly sophisticated and devastating threat.
Companies of all sectors and sizes are targets of these attacks, with serious financial and reputational consequences.
Recent ransomware attacks
It is estimated that around 33 billion account breaches will take place in 2023. A total of 8,000,000 cyber-attacks have been recorded to date, equivalent to one attack every 39 seconds.
The most notable recent cases:
Royal Mail: A LockBit attack targeted Royal Mail, considered "critical national infrastructure" in the UK, and caused severe disruption to all international deliveries.
Bay Area Rapid Transit, San Francisco: A ransomware attack against San Francisco's Bay Area Rapid Transit exposed highly sensitive and personal data. Vice Society claimed responsibility for the attack and allegedly stole employee data, police reports and crime lab reports, among other sensitive documents.
Dole Food Company: One of the world's largest suppliers of fresh fruit and vegetables has revealed that it was the victim of a ransomware attack that disrupted its operations. The food giant has hired outside experts to help mitigate and protect the affected systems, and the incident has also been reported to law enforcement.
Yum! Brands: The U.S. company that owns KFC, Pizza Hut and Taco Bell closed nearly 300 of its restaurants in the United Kingdom due to a ransomware attack launched by an unknown malicious group. In response, the company took the affected systems offline and implemented enhanced monitoring technology.
Tallahassee Memorial HealthCare in Florida: After suffering a ransomware attack, the medical center was down for nearly a week. The hospital had to rely on paper documentation and handwritten patient notes during the downtime, and surgery and procedures were limited. During that period, some ED patients were referred to other hospitals. For security, privacy and legal compliance reasons, information about this incident remains limited.
The Technion Institute of Technology, Israel, suffered a ransomware attack in February claimed by DarkBit, a new ransomware group that claims to associate its actions with hacktivism. The group was demanding a payment of 80 Bitcoins ($1.7 million) to release the decryptor. The attackers stated that they would add a 30% penalty if the payment was not made within 48 hours.
The city of Oakland, California, was the target of a ransomware attack also in February, forcing the city to take all systems offline until the network could be secured and affected services restored.
The state of Oregon: As a result of a sophisticated ransomware attack, Oregon experienced a major network outage. IT staff and third-party specialists restored the network, but data recovery continues. Thanks to an earlier investment in backup technology, the state was able to recover from the incident without paying a ransom. The investigation continues to determine whether sensitive or personal information was accessed during the attack.
Hospital Clinic, Barcelona: One of the main hospitals in the Catalan capital suffered a ransomware attack that paralyzed its computer system, causing the cancellation of 3,000 patient check-ups and 150 non-urgent operations. The incident occurred on Sunday, March 5, 2023.
The U.S. Marshals Service experienced a security breach that compromised sensitive information. A spokesperson for that federal law enforcement agency stated that the incident occurred in February 2023, when the service discovered a "ransomware and data exfiltration event affecting a standalone USMS system."
Tips to protect your data and keep your business safe from ransomware:
To prevent these cyberattacks, it is essential to be aware of the latest ransomware trends and take appropriate protective measures. Here are some tips:
Keep your software up to date: Ensuring that all operating systems, applications and programs are always up to date is essential to mitigate known vulnerabilities that cybercriminals can exploit. Set up automatic updates to ensure you always have the latest versions and security patches installed.
Use robust security solutions: Deploy a combination of reliable security tools, such as firewalls, antivirus and anti-malware solutions. They will help you detect and block known and unknown threats and provide you with additional layers of protection, such as behavioral monitoring and real-time ransomware detection.
Make regular backups and store them in secure locations: Making regular data backups and storing such data in secure locations, such as external devices or cloud services, is critical. Ensure that backups are disconnected from the network and protected with strong passwords.
Educate your employees on cybersecurity: The human factor remains one of the weakest points in ransomware protection. Provide regular training to your employees on cybersecurity risks, how to identify phishing emails and other social engineering tactics used by cybercriminals. Encourage your employees to report any suspicious activity and follow established policies and procedures.
Establish access policies and privileges: Limiting user access and privileges to sensitive systems and files can help prevent the spread of ransomware. Grant permissions only to those employees who truly need access to certain data and files, and use multi-factor authentication to strengthen security.
Implement advanced detection and response solutions: Consider adopting endpoint detection and response (EDR) solutions that monitor and record the behavior of your systems for suspicious activity. These solutions can help identify and respond quickly to ransomware attacks, thus minimizing the impact on your business.




