2022 proved to be a year of distraction, 2023 again showing growth in the number of ransomware victims.
In 2022, more than 2,100 organisations worldwide were publicly mocked as victims of ransomware. The attacks were roughly evenly split between large, medium and small businesses, according to a report by Orange CyberDefense.
The data in the report shows that the war has had a noticeable impact in terms of cyber extortion. Activity decreased and threat actors had to regroup to continue their attacks.
Due to the geopolitical tensions arising from the war in Ukraine, many countries took sides in the conflict. It was therefore expected that ransomware would follow the same patterns. According to the report, 74 per cent of all victims in 2022 belonged to NATO countries. In the first quarter of 2023, and especially in March 2023, it saw a marked change and the trend reversed. This is evident from the spike in activity from threat actors. Whether this increase will continue is difficult to predict.
The number of incidents peaks as cyber extortion spreads to countries previously spared. The biggest increase compared to the previous year occurred in Southeast Asia (42%), where Indonesia, Thailand, the Philippines and Malaysia took the brunt. At the same time, casualties are decreasing in regions such as North America and Europe.
In 2022, the manufacturing sector was hardest hit, with roughly one-fifth of all victims working in this sector. The security report notes a 39 per cent drop. The number of victims was significantly lower in the second half of that year. One reason for this sharp drop is most likely the cessation of criminal activities by the hacker collective Conti.
The education sector fared much worse in 2022 compared to the previous year, with 41% more attacks. The five hardest-hit countries were the US, UK, Spain, France and Australia. Attacks in the utilities sector also increased by 51%, but the actual number of victims identified in 2022 remained low (35 victims).
In addition, the report reveals that ransomware attacks on the financial sector have increased (+11%): more than 130 financial institutions were victims. 75 per cent of all victims have fewer than 1,000 employees.
As for the size of companies, it appears that large organisations were most often affected in 2022: they accounted for 36 per cent of all victims. However, SMEs were hot on their heels. According to the report, 30 per cent of all victims were small organisations, while 24 per cent were medium-sized.