Breaking down the summary by industry, CPR analysts noted the following among its ecosystem users:

    • Education/Research, previously a prime target, experienced a 12% decrease in attacks, while still remaining on the list of industries with the highest volumes of cyberattacks. In ransomware attacks, this industry saw a 22% incidence, placing it among the three most impacted.
    • Retail/Wholesale sectors faced a 22% increase, indicating a change in attacker focus. The following factors were cited as contributing to the increase:
      • Increases in the volume of consumer data collected due to data-driven digitalization strategies
      • Greater digitalization due to post-pandemic recovery and market forces
      • More complex supply chain networks
      • Expansion of e-commerce and online transactions leading to increased attack vectors and vulnerabilities
      • Insufficient cybersecurity measures among the smaller players
      • High transaction volumes due to revenge purchasing behaviour and other consumer trends such as stronger seasonal sales campaigns
    • Healthcare saw a 3% increase in attacks, given the critical nature of its services. This industry also saw a 12% incidence of ransomware attacks, placing it among the top three most impacted.
    • Government/Military saw a 16% incidence of ransomware attacks, ranking second in the top three industries most impacted by ransomware in CPR data.
    • Throughout 2023, there was a 3% increase (from 7% in 2022 to 10% in 2023) in ecosystem users worldwide targeted by an attempted ransomware attack. The total rate of ransomware attacks in CPR’s data in 2023 was the highest rate in the past years.

In 2023, the landscape of ransomware underwent a significant upheaval, marked by the following trends:

    • A major surge in both “conventional” ransomware and “mega”-ransomware that capitalized on a prevalence of zero-day exploits to amplify both the extent of damage inflicted and the number of victims impacted.
    • An increasing number of hacking groups boldly (though in some cases, falsely) claimed responsibility for the mega ransomware attacks.
    • Emerging regulatory pressures compelled more firms to disclose incidents of cyber extortion, amplifying the collective awareness of the pervasive threat.
    • An increasing number of cybercriminals in 2023 adopted a different approach in their ransomware attack strategies. They concentrated more on data theft, followed by extortion campaigns that did not necessarily involve data encryption but instead relied on threats of public disclosure of the stolen data. This signaled a shift: from disrupting operations through encryption to leveraging stolen data for monetary gains through extortion. This change underscores the increasing adaptability of cyber threat actors.