Ransomware Groups Continue to Increase Their Operational Tempo

According to GuidePoint Security, ransomware activity continued to surge in Q3 of 2023. There was a 15% increase in ransomware activity compared to Q2, with 10 new emerging groups tracked during this quarter. GRIT observed 1,353 publicly posted ransomware victims claimed by 46 different threat groups in Q3, bringing the total for the year to 3,385 victims claimed by 57 different threat groups, representing an 83% increase from the previous year. The entertainment, hospitality, and tourism industry was targeted heavily, with notable attacks on MGM Resorts and Caesars Entertainment. The manufacturing and technology industries were the most impacted by ransomware, followed by retail and wholesale. Attacks against US-based organizations decreased, while attacks on UK-based organizations increased. The top three most active ransomware groups were LockBit, Cl0p, and Alphv. Despite public decryptors being released for some ransomware groups, there is a trend towards data-only exfiltration by impacted groups.