Targeted ransomware groups have increased in number and expertise

Targeted ransomware groups have increased in number and expertise


22 February 2024

In-depth research by Kaspersky experts shows a 30% increase in the number of ransomware groups worldwide from 2022 to 2023. Alongside this increase, the number of victims of targeted ransomware attacks increased by 70% within the same time period. These data were announced at Kaspersky's ninth annual Cyber Security Weekend - META, held in Kuala Lumpur.

Just as with other businesses, groups launching ransomware attacks are hiring skilled employees to carry out increasingly complex ransomware attacks. Unlike simple ransomware-type threats, which target victims arbitrarily, targeted ransomware groups are known for their attacks on governments, high-profile organisations or specific groups of individuals within an organisation or business.

Kaspersky researchers tracked around 60 ransomware groups in 2023, compared to around 46 groups in 2022, and found instances where there appeared to be collaboration between the different groups. In some cases, groups that excelled at providing easy access to corporate networks and systems sold this service to other groups who were able to launch more sophisticated attacks. Since cybercriminals must bypass multiple layers of defense, such partnerships allow them to save time and go straight to easily identifying and infecting the network in question.

In 2023, marking its seventh year as a key contributor to the No More Ransom initiative, Kaspersky's free decryption tools were downloaded more than 360,000 times, helping recover data from over 2 million users who fell victim to ransomware. However, despite these significant achievements, the total value of payments for ransomware threats globally exceeded $1.1 billion in 2023, setting a record.

To protect your business from ransomware attacks, you can follow Kaspersky's advice:

  • Keep all devices and systems up to date to prevent malicious users from exploiting vulnerabilities.
  • Make offline backups that cannot be used by third parties, while making sure you can quickly access them in case of an emergency.
  • Use a reliable endpoint security solution, which is based on prevention and behavioral detection, and has mechanisms that allow it to defend against malicious actions.
  • Kaspersky Threat Intelligence is also an indispensable tool that can provide in-depth data and real-time insights into the history, motivations and operations of ransomware groups.
  • Kaspersky has developed free tools for public use, such as the Kaspersky Anti-Ransomware tool and No Ransom, which helps block ransomware and decrypt files.
  • Ongoing employee education and training on cybersecurity issues is essential, as human error is the most common cause of cybersecurity breaches and can be a vulnerable access point for ransomware attacks.
View them all