Skip to main content

Kaspersky's research, spanning the years 2022 and 2023, reveals a worrisome escalation in targeted ransomware groups. The data indicates a staggering 30% global increase in the number of these groups compared to 2022, accompanied by a 71% surge in known victims of their attacks. Unlike random assaults, these targeted groups set their sights on governments, prominent organizations, and specific individuals within enterprises. With cybercriminals orchestrating sophisticated and extensive attacks, the threat to cybersecurity grows ever more pronounced.

In 2023, Lockbit 3.0 emerged as the most prevalent ransomware, leveraging a builder leak in 2022 to spawn custom variants targeting organizations worldwide. BlackCat/ALPHV ranked second, until December 2023, when a collaborative effort by the FBI and other agencies disrupted its operations. However, BlackCat quickly rebounded, underscoring the resilience of ransomware groups. Third on the list was Cl0p, which breached the managed file transfer system MoveIt, impacting over 2.5 thousand organizations by December 2023, according to New Zealand security firm Emsisoft.

Kaspersky's threat research identifies several noteworthy ransomware families, including BlackHunt, Rhysida, Akira, Mallox, and 3AM. Moreover, as the ransomware landscape evolves, smaller and more elusive groups are emerging, posing new challenges for law enforcement. The rise of Ransomware-as-a-Service (RaaS) platforms further complicates the cybersecurity landscape, emphasizing the need for proactive measures.

Kaspersky's incident response team notes that ransomware incidents accounted for every third cybersecurity incident in 2023. Attacks via contractors and service providers have emerged as prominent vectors, facilitating large-scale assaults with alarming efficiency. Overall, ransomware groups demonstrate a sophisticated understanding of network vulnerabilities and utilize a variety of tools and techniques to achieve their objectives. The use of well-known security tools, exploitation of public-facing vulnerabilities, and exploitation of native Windows commands highlight the need for robust cybersecurity measures to defend against ransomware attacks and domain takeovers.

“The escalating financial toll of ransomware attacks underscores the urgent need for governments to elevate cybersecurity strategies. As ransomware-as-a-service proliferates and cybercriminals execute increasingly sophisticated assaults, the threat to cybersecurity becomes more acute. Ransomware strikes persist as a formidable menace, infiltrating critical sectors and preying on small businesses indiscriminately. To combat this pervasive threat, it's imperative for individuals and organizations to fortify their defenses with robust cybersecurity measures. Deploying solutions such as Kaspersky Endpoint Security and embracing Managed Detection and Response (MDR) capabilities are pivotal steps in safeguarding against evolving ransomware threats,” commented Dmitry Galov, head of research center, Kaspersky’s GReAT.

Read the full report on the state of ransomware at

On May 12, which is Anti-Ransomware Day, Kaspersky encourages organizations to follow these best practices that help safeguard your organization against ransomware:

  • Always keep software updated on all the devices you use to prevent attackers from exploiting vulnerabilities and infiltrating your network.
  • Focus your defense strategy on detecting lateral movements and data exfiltration to the internet. Pay special attention to outgoing traffic to detect cybercriminals’ connections to your network. Set up offline backups that intruders cannot tamper with. Make sure you can access them quickly when needed or in an emergency.
  • Enable ransomware protection for all endpoints. There is a free Kaspersky Anti-Ransomware Tool for Business that shields computers and servers from ransomware and other types of malware, prevents exploits and is compatible with already installed security solutions.
  • Install anti-APT and EDR solutions, enabling capabilities for advanced threat discovery and detection, investigation and timely remediation of incidents. Provide your SOC team with access to the latest threat intelligence and regularly upskill them with professional training. All of the above is available within Kaspersky Expert Security framework.
  • Use the latest Threat Intelligence information to stay aware of actual TTPs used by threat actors.
  • To protect the company against a wide range of threats, use solutions from Kaspersky Next product line that provide real-time protection, threat visibility, investigation and response capabilities of EDR and XDR for organizations of any size and industry. Depending on your current needs and available resources, you can choose the most relevant product tier and easily migrate to another one if your cybersecurity requirements are changing.   
  • To learn about the TTPs of the most influential ransomware groups, download our "The hateful eight" report.

Every third cyber incident was due to ransomware, Kaspersky reports

Ransomware remains a formidable cybersecurity threat, impacting organizations and individuals globally. With the rise of targeted ransomware groups, Kaspersky's latest research uncovers a concerning trend: every third cyber incident in 2023 was attributed to ransomware attacks. As the world prepares to observe International Anti-ransomware Day on May 12, Kaspersky releases a comprehensive analysis of the current ransomware landscape. Delving into major events, emerging trends, and actionable recommendations, the report sheds light on the evolving nature of ransomware threats and their implications for cybersecurity.
Kaspersky Logo