According to Rapid7, nearly 5,200 organizations were victims of ransomware attacks in 2023, but it is believed that the actual number is higher due to unreported attacks. This is an increase from the previous year, with twice as many attacks in the second half of 2023 compared to the latter half of 2022.
While the number of ransomware attacks is rising, the number of unique ransomware families used for these attacks actually decreased. The most active ransomware group in 2023 was AlphV, also known as BlackCat, which received nearly $300 million in ransom payments as of September. Despite law enforcement shutting down their infrastructure in December, the group re-emerged and continues to post new alleged victim organizations to its data leak site.
Other active ransomware groups in 2023 included BianLian, Clop, LockBit 3.0, and Play. Public-facing applications and legitimate account credentials were the top initial attack vectors observed in these attacks.