Compared to 2,679 messages in 2022, Unit 42 identified 3,998 messages from ransomware leak sites in 2023. This is an increase of approximately 49%. This increase can be explained by high-profile vulnerabilities such as SQL injection for MOVEit and GoAnywhere MFT services. Zero-day attacks for these vulnerabilities caused a spike in ransomware infections by groups like CLOP, LockBit, and ALPHV (BlackCat).

Law enforcement

Moreover, several prominent ransomware groups have disappeared in 2023. Their downfall was caused in part by excessive exposure and aggressive tactics, which attracted the attention of law enforcement agencies and cybersecurity organizations. These ransomware groups were the center of attention, creating additional pressure and operational challenges. Law enforcement efforts have led to great success in disrupting ransomware operations, with some notable groups appearing to have ceased operations by 2023, for example:

Hive: One of the most prolific groups in 2022, shut down in 2023. This operation obtained the group's decryption keys and offered them to victims worldwide, saving victims more than $130 million in potential ransom payments.

Ragnar Locker: Originally started in 2019, has been very active since then. In October 2023, Europol reported a coordinated international law enforcement operation that seized the Ragnar Locker infrastructure. The main perpetrator was then brought to the Paris court.

Alternative

Law enforcement has worked to provide victims with decryption keys, seize infrastructure, and arrest key threat actors. This way they could prevent ransomware groups from making a lot of money. The outcomes have forced employees to leave these groups and look for more profitable alternatives.