
2023 Ransomware Trends to Keep On Your Radar


Lauryn Cash

With cyberthreats on the rise, we’ve outlined the most important ransomware trends to watch out for in 2023.


As technologies evolve, so do data security threats. In 2023, ransomware trends will adapt to new security measures and economic changes, so your IT team must stay up-to-date on current hacking patterns.

Verizon’s Data Breach Investigations Report (DBIR) indicated a 13% rise in ransomware attacks year-over-year from 2021 – an increase greater than the previous five years combined. However, this issue isn’t confined to our shores. The Second International Counter Ransomware Initiative (CRI) Summit is working to address the challenges associated with ransomware, indicating the seriousness of this threat globally.

This guide will break down ten key ransomware trends targeting the tech world in 2023. While some developments are riffs on familiar methods (like phishing), others are more creative (e.g., using AI tools like ChatGPT to create new malware variants).

Thankfully, you can prevent ransomware and other malware attacks in a few ways—one of which is staying up-to-date on ransomware predictions and trends. When you’re educated on ransomware patterns, it’s easier to remain vigilant and prevent attacks.

Here are the trends we’re watching this year:

  1. Economic downturn spurs cyberthreats
  2. Data extortion is increasing
  3. Data destruction causes permanent losses
  4. Cloud threats target endpoints
  5. Phishing (and spear phishing) continues to lure
  6. Ransomware-as-a-Service (RaaS) matures
  7. Communication tools remain targets
  8. Ransom payments increase while revenues decrease
  9. Critical infrastructure attacks remain steady
  10. Artificial intelligence tools increase

1. Economic Downturn Spurs Cyberthreats

The threat of a recession in the post-pandemic world has created security gaps for cybercriminals to exploit. With many businesses shrinking to make up for lost revenues, security measures are put on the back burner as companies struggle to find and keep experienced IT staff.

In addition, eliminating cyberthreat training for existing non-IT staff has created vulnerabilities that have proven difficult to surmount.

2. Data Extortion is Increasing

Instead of merely locking your company’s systems and preventing access, hackers exfiltrate sensitive data and then threaten to publish or sell it to interested parties on the dark web. If your company works in any of the following sectors (where confidentiality is paramount), then you must stay vigilant to prevent extortion threats that result from ransomware attacks:

  • Healthcare
  • Education
  • Government
  • Financial services and banking
  • Insurance and benefits providers

3. Data Destruction Causes Permanent Losses

The flip side of data extortion is data destruction, in which hackers destroy exfiltrated data outright rather than distribute or sell it. Sensitive data can be destroyed after capture, or hackers can erase critical records, causing permanent damage to operating systems.

Destructive ransomware and malware often employ Trojan horses, worms, and infected files that users unwittingly download in a ransomware attack.

4. Cloud Threats Target Endpoints

Unpatched software vulnerabilities and poor system configurations create targets for cloud endpoint attacks. As cybersecurity teams struggle to adapt to cloud architecture, experienced hackers develop new strategies to infiltrate weaknesses that leave companies susceptible to attack.

5. Phishing (and Spear Phishing) Continues to Lure

Phishing isn’t a new concept, and threat actors continue using phishing tactics to access critical, secure data. Phishing describes any attempt to fraudulently collect information from unsuspecting users. It gives hackers access to confidential information like account numbers, user credentials, or network infrastructure.

Spear phishing is a more targeted form, zeroing in on high-profile individuals or those with unique access to data and systems.

To protect your data, beware of phishing tactics like:

  • Emails disguised as requests from legitimate entities like banks or government agencies
  • Suspicious links to unfamiliar sites requesting credentials or personal information
  • Illegitimate text messages or correspondence in third-party communication software

6. Ransomware-as-a-Service (RaaS) Matures

While Ransomware-as-a-Service (RaaS) is a newer trend in cybersecurity threats, it continues to evolve in sophistication. RaaS makes it easier for non-technical criminals to use ransomware tools developed by others to attack their victims.

Ransomware “affiliates” now employ tools to carry out attacks, while those who create and maintain those tools only profit from their sale. In addition, a third party – an access broker – often acts as a go-between to secure network access that enables RaaS tools to be deployed.

7. Communication Tools Remain Targets

If your company uses Slack, G-Suite, Zoom, or other applications used for remote work, beware of hackers using the following tactics to acquire confidential company data:

  • Fraudulent messages: Hackers will disguise themselves as team members and send requests for credentials and account numbers or ask for personal information.
  • Suspicious links: Not all programs are created equal regarding cybersecurity. While many providers have built-in spam filters, some suspicious links (especially zero-day attacks) can slip through the cracks. Implementing a URL protection tool protects end users who may not verify all URLs before clicking or entering personal information online.
  • Fake updates: If hackers break into third-party software to target end users, they could issue fraudulent “updates,” leading to users unintentionally installing malware on personal devices.

8. Ransom Payments Increase While Revenues Decrease

High financial demands represent a significant trend in ransomware activities.

But while hackers are increasing ransom demands, they’re also enhancing their ability to disrupt revenue. With improved encryption, lock-outs, and access prevention methods, ransomware attackers can limit user activity until ransoms are paid.

Ransomware attacks are not just a minor inconvenience—they can significantly impact company productivity. Moreover, as the magnitude of ransomware attacks grows, so does the potential for financial ruin.

9. Critical Infrastructure Attacks Remain Steady

Ransomware hackers increasingly target critical infrastructure and organizations like local governments and public healthcare systems. Why?

  • Public sector companies have fewer resources to invest in robust cybersecurity, making them easier targets for hacking.
  • These critical organizations have increased access to confidential information, potentially increasing the fallout from an attack.

If you work in the public sector, you must stay vigilant against ransomware attacks. Preventing hacks protects your organization and reduces the exposure risks for the people you serve.

10. Artificial Intelligence Tools Increase

Concerns that OpenAI’s tools could be used to create malware scripts point to a dark side of AI’s potential. Using tools like ChatGPT to generate malicious code may be in its infancy, but probably not for long.

Threat actors with little to no technical knowledge could be experimenting with using these tools for nefarious purposes. However, employing AI and machine learning (ML) technology is a significant step in countering these efforts.

Automation relieves the burden of slow manual processes while detecting and containing attempted attacks and reducing false positives. AI tools promise to outwit hackers and keep threats at bay while giving humans more time to spend on critical business initiatives.

Avoid Ransomware Attacks With Armorblox

Ransomware is a significant concern for companies worldwide. Hackers can target your network or personal data from anywhere, threatening your financial security and exposing confidential information.

At Armorblox, we provide businesses with a platform for monitoring cybersecurity, helping you prevent Business Email Compromise (BEC), phishing attacks, ransomware, and other cyberthreats.

Your business, your employees, and your customers deserve the utmost protection. Armorblox can help you prevent potentially devastating exposures.

Take a quick product tour today to learn more about how Armorblox guards against ransomware threats and so much more.
