GRF analysts recently completed the semiannual ransomware report covering the second half of 2023. The report series tracks attacks based on public sources and conversations of threat actors in closed forums. Analysts compiled data on 2,050 successful attacks. Some key findings:

• Critical Manufacturing was the most targeted industry sector with 350 victims. The next most targeted sectors were Commercial Facilities (217), Information Technology (154) and Healthcare and Public Health (153).

• The majority of attacks were committed by LockBit’s version of ransomware, with 440 victims.

• GRF analysts have tracked the emergence of 30 new ransomware gangs in 2023, an almost 50% increase in tracked groups.

• Attacks on Commercial Facilities doubled in the second half of 2023

• The United States was targeted by 56% of all ransomware activity tracked by GRF analysts, with 21% directed at countries within the EU, followed by 7% targeting the UK.

• Zero-day vulnerabilities continued to be extensively exploited on wide-ranging technology tools.