The Readable’s subscribers can access a monthly ransomware report by S2W. The report includes specific statistics about ransomware groups and their victims, in addition to the numbers of newly opened data leak sites by ransomware groups. By reviewing these numbers, our readers will be able to get an idea of the overall threat landscape of the ransomware ecosystem. Jiho Kim, a researcher at S2W, provides reports representing her team’s work regarding threat intelligence.
Takeaways
In May 2023:
- A total of 327 companies had their data uploaded onto leak sites by ransomware groups. This is slight reduction from last month, which recorded 360 companies.
- LockBit remained the most active ransomware group for seven consecutive months, the period that The Readable has been publishing the ransomware index report, uploading 76 companies’ data onto their leak sites. This is more than double the amount of BlackCat’s activities, which exposed 36 companies’ data.
- Five new ransomware groups’ leak sites have been discovered. In addition, one ransomware group has changed the domain address for their leak site.
- For the first time in these reports, the business service industry turned out to be the most targeted industry, with 44 companies falling victim to ransomware groups. The manufacturing industry had remained the largest victim of ransomware until April.
- Companies in the United States were targeted the most by ransomware groups, making up 50.9% of the total percentage of victims.
Specifics
Newly discovered or changed data leak sites in May 2023
Ransomware groups and their activities in May 2023: Percentage of each ransomware group in companies that were uploaded onto data leak sites (number of companies)
Top five countries by number of leak sites their data appeared on
Top five industries by number of leak sites their data appeared on
The next monthly ransomware index report will be published in early July.
