Home / Business Continuity / Ransomware Groups Have Evolved Their Tactics

Ransomware Groups Have Evolved Their Tactics

Rampant abuse of Zero-Day and One-Day vulnerabilities has resulted in a 143% increase in victims of ransomware, according to Akamai research.

The use of Zero-Day and One-Day vulnerabilities has led to a 143% increase in total ransomware victims between Q1 2022 and Q1 2023, according to a new report. Ransomware on the Move: Exploitation Techniques and the Active Pursuit of Zero-Days1 by Akamai Technologies, Inc. found that ransomware groups increasingly target the exfiltration of files, the unauthorized extraction or transfer of sensitive information, which has become the primary source of extortion. This new tactic indicates file backup solutions are no longer a sufficient strategy to protect against ransomware.

According to the report, adversaries are evolving their methods and techniques from phishing to put a greater emphasis on vulnerability abuse. As these adversaries shift tactics, LockBit has dominated the landscape, from Q4 2021 to Q2 2023, with 39% of total victims: This is more than triple the number of victims of the second-highest ranked ransomware group. Further analysis shows that the CL0P ransomware group is aggressively developing Zero-Day vulnerabilities, growing its victims by 9 times year-over-year.

Ransomware Kill Chain
(Source: Akamai Technologies, Inc.)

Manufacturing Industry Sees Largest Increase In Total Victims

Of all vertical industries, manufacturing saw a 42% increase in total victims between Q4 2021 and Q4 2022, underscoring the potential threat to global supply chains. LockBit was responsible for 41% of overall manufacturing attacks. The healthcare vertical saw a 39% increase in victims during the same period, and was targeted primarily by the ALPHV (also known as BlackCat) and LockBit ransomware groups.

Other key findings of Ransomware on the Move: Exploitation Techniques and the Active Pursuit of Zero-Days include:

Ransomware, Victims by Industry
(Source: “Ransomware on the Move: Exploitation Techniques and the Active Pursuit of Zero-Days,” Akamai Technologies, Inc.)
  • Organizations with reported revenue of up to $50 million were the most at risk of being targeted (65%) while organizations with reported revenue above $500 million made up 12% of total victims
  • Victims of multiple ransomware attacks were more than 6x more likely to experience the second attack within three months of the first attack
  • Financial services organizations saw an increase of 50% in the total number of impacted organizations year over year while the retail vertical ranks third in the number of ransomware victims per industry and saw a 9% increase

“Adversaries behind ransomware attacks continue to evolve their techniques and strategies striking at the heart of organizations by exfiltrating their critical and sensitive information,” said Pavel Gurvich, Senior Vice President and General Manager, Enterprise Security at Akamai. “It’s critical that organizations understand the techniques and tools deployed by adversaries in order to shield their critical assets, preserve trust in their brand and ensure business continuity.”


1 The ransomware data used throughout the report was collected from the leak sites of approximately 90 different ransomware groups. It is typical of these groups to report details of their attacks, such as timestamps, victims names, and victim domains. It is important to note that these reports are subject to whatever each ransomware group has a desire to publicize. The successfulness of these reported attacks was not included in this research.
This research focused instead on the victims who were reported. For each analysis, the number of unique victims within each grouping was measured. This victim data was joined with data obtained from ZoomInfo to provide additional details about each victim, such as location, revenue range, and industry. All data was within the 20-month time frame of October 1, 2021 through May 31, 2023.

Click here to read more about cybersecurity and business continuity issues from Continuity Insights.

Akamai Technologies, ALPHV, BlackCat, Business Continuity Plan, CL0P, Financial Services, Healthcare, LockBit, Manufacturing, One-Day, ransomware, Ransomware Kill Chain, Ransomware on the Move: Exploitation Techniques and the Active Pursuit of Zero-Days, Ransomware Victims. Extortion, Retail, Supply Chains, Vulnerability, Zero-Day

Receive the latest articles in your inbox

Share to...