When it comes to ransomware attacks, average initial ransom demands for 2023 increased 20% year-over-year to $600,000, with some industries hit much worse: legal, government, retail and energy are now regularly seeing median demands. of $1 million or more.
This according to Arctic Wolf, of which annual cybercrime report published this week shows that victims of the manufacturing vertical appeared in 708 posts on various leak sites, making it the most represented sector, probably because Production downtime poses an existential threat to factories, making them a particularly suitable target for extortion.
Business services were the second most commonly listed industry sector on ransomware gangs’ dark websites with 450 instances, followed by education/nonprofits (321) and retail/wholesale (305).
LockBit dominates ransomware activity
Meanwhile, the main groups carrying out the most cyberattacks boil down to three (LockBit 3.0, BlackCat/ALPHV and Cl0p), although there are dozens of smaller operators such as Akira, Royal and BlackBasta operating out there.
LockBit, which was shut down this week by law enforcementwas by far the most widespread, tallying 926 attacks in Arctic Wolf telemetry, more than double the 402 made by #1. 2 BlackCat (which was discontinued in December) and 381 attacks claimed by Cl0p (subject to Ukrainian police action in 2021).
Other researchers who have tracked the segment have had similar results.
“LockBit has a 25% share of the ransomware market,” says Don Smith, vice president of threat intelligence at Secureworks Counter Threat Unit. “Their closest rival was BlackCat with about 8.5%, after which it really started to fragment. LockBit dwarfed all the other groups and so [the takedown this week] is highly significant.”
He adds: “In a highly competitive and cutthroat market, LockBit has grown to become the most prolific and dominant ransomware operator. It has approached ransomware as a global business opportunity and aligned its operations accordingly, expanding across affiliates at a rate that simply dwarfed other operations.” .”