2023 has come to an end and one thing is for certain: it’s been a record-breaking year for ransomware. Victim counts on leak sites regularly landed above 300 (several months hit counts above 400) and activity steadily climbed each quarter throughout the year. Q4 saw a slight decrease over the previous quarter, with 1,278 victims observed on ransomware leak sites (that’s 7% fewer than in Q3). But make no mistake, that figure represents a steep 69% increase compared to the fourth quarter of 2022. As we’ve said before, we’re firmly in a “new normal” of heightened activity.
In this report, we will highlight some more of our findings from Q4 2023 and also look at trends across the full year that was 2023. Let’s dig in!
A quarter-over-quarter dip
In the past, the fourth quarter was typically the most active quarter for ransomware attacks in a given year. Why wasn’t that the case in 2023?
Most significantly, international law enforcement took down a malware network, Qakbot, in August. Also known as QBot, this malicious code was often used to gain initial access to victim networks. While threat actors wasted little time pivoting to new malware, the takedown does appear to have been a setback. As a result, October ransomware numbers fell short of what was expected. In Q4 law enforcement also disrupted one of the most prolific ransomware gangs, ALPHV/BlackCat, which likely impacted totals (more on this later).