Ransomware attacks in November rise 67% from 2022
- Total ransomware cases up 30% from October.
- Industrials (33%), Consumer Cyclicals (18%), and Healthcare (11%) remain most targeted sectors.
- North America (50%), Europe (30%), and Asia (10%) continue to be the top three targeted regions.
November 2023:
Global levels of ransomware attacks rose 30% in November, with a total of 442 attacks, following a lower volume of attacks in October (341), according to NCC Group’s November Threat Pulse.
As the third most active month of the year, ransomware levels in November have taken the total number of global ransomware attacks to 4,276 cases so far, surpassing predictions that the total figure would hit 4,000 with one month of 2023 still to go.
Industrials sector continues to be hardest hit
Following the trends witnessed across the year, Industrials was the most targeted sector in November, with 146 (33%) of all attacks, marking a 28% increase from October (114).
The data reveals that Industrials remain prime targets for the breadth and diversity of organisations in the sector and their vast amounts of PPI and IP data. As Industrials are focused on digitalisation to enhance efficiency and productivity, there is a greater risk of ransomware attacks.
Consumer Cyclicals is the second most targeted sector with 78 (18%) of attacks, with Healthcare also holding its third place spot from October with 50 (11%) of attacks. Another month of high levels of ransomware for Healthcare indicates a concrete shift in the threat landscape for the sector.
LockBit remains a dominant player
In November, LockBit was the most active threat actor, with a 73% month-on-month increase in activity from 66 attacks recorded in October. Data from across this year shows that LockBit has maintained its position as the most prominent threat actor, except in March, June, and July, when CLOP’s mass exploitation of GoAnywhere and MOVEit vulnerabilities put them in the top spot.
BlackCat takes second place in November with 49 (11%) of attacks and a month-on-month increase of 58%. Play drops down from the 2nd most active group in October to third in November, responsible for 10% of all attacks. November’s data marks the most active month for Play recorded by NCC Group. In November, the top three threat actors were responsible for 206 (47%) of all attacks.
Ransomware attacks in Europe rise
As expected, Europe and North America witnessed the majority of attacks in November. Consistent with this year’s trends, North America remains the most targeted region, with 219 (50%) of attacks.
Ranking the second most targeted region, Europe witnessed 135 (31%) of attacks, an increase of 36 following 99 attacks in October. Asia took third place with 46 (10%) attacks, and overall, November saw an increase (from 3 to 7) in the number of undisclosed targets, meaning unrevealed regions.
Spotlight – The return of Carbanak
November saw a return of the well-known banking malware Carbanak in ransomware attacks. First emerging in 2014, Carbanak malware has been used by ransomware gangs to infiltrate financial systems after deploying advanced phishing techniques to compromise bank employees. The malware allows threat groups to gain access to networks through human entry points and criminals to take control of payment processing services.
Carbanak’s popularity had fallen until November, but last month’s use of the malware returned, having evolved over recent years. The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness. Carbanak returned last month through new distribution chains and has been distributed through compromised websites to impersonate various business-related software. Imposters in November included the CRM platform HubSpot, data management software Veeam, and account tool Xero.
Matt Hull, Global Head of Threat Intelligence at NCC Group said:
“After a dip in ransomware levels in October, the return to another active month in November brings the total number of ransomware attacks in 2023 - beyond what we predicted. With one month of the year still to go, the total number of attacks has surpassed 4,000 which marks a huge increase from 2021 and 2022, so it will be interesting to see if ransomware levels continue to climb next year.
“As we’re nearing the end of the year, it’s important for businesses to remain prepared and not become complacent. In the lead-up to Christmas, ransomware groups are typically active to push profits before taking a somewhat break over the festive period. As we look to the new year, with the Industrials sector in particular remaining the most attractive sector for ransomware gangs, cyber security must be a key priority for the industry to improve supply chain resilience.”
Notes to Editors:
About NCC Group
NCC Group is a people-powered, tech-enabled global cyber security and software escrow business.
Driven by a collective purpose to create a more secure digital future, c2,000 colleagues across Europe, North America, and Asia Pacific harness their collective insight, intelligence, and innovation to deliver cyber resilience for over 14,000 clients across the public and private sectors.
With decades of experience and a rich heritage, NCC Group is committed to developing sustainable solutions that continue to meet clients’ current and future cyber security challenges.
Monthly Cyber Threat Intelligence Webinar
Our team of experts keep a constant watch over the cyber and geopolitical landscape, so you don’t have to. Our monthly webinars give you further insight and exclusive access to what's happening now.
Join our Global Head of Threat Intelligence, Matt Hull, each month: