It seemed that the tide had turned in the ransomware landscape in 2022. Reports showed a declining numbers of attacks and more victims refusing to pay. But in 2023, ransomware activity surged. Ransomware gangs successful extorted a record $1.1 billion in cryptocurrency payments from victims, according to a report from blockchain analysis firm Chainanalysis.

What factors drove the upswing in ransomware activity? And following a year of record payments, what can enterprise security leaders expect in the ransomware landscape of 2024?

The Top Threat Actors

Ransomware remains a lucrative business for cybercriminals, and the barrier to entry is relatively low. Threat actors can seek easily exploitable vulnerabilities or opt to pay for ransomware-as-a-service. While the volume of attacks is significant, several notorious groups take the lead as repeat offenders.

“LockBit we see … almost 25% of all ransomware attacks are from that group,” Jonathan Braley, director of threat intelligence at the Information Technology-Information Sharing and Analysis Center (IT-ISAC), tells InformationWeek. “So, every week we’re seeing 10 to a dozen attacks coming just from LockBit.”

Taiwan Semiconductor Manufacturing Company (TSMC) and IT products and services company CDW were among LockBit’s victims in 2023. The group demanded $70 million from TSMC and $80 million from CDW. In 2024, the group claimed responsibility for attacks on Saint Anthony Hospital and Lurie Children’s Hospital in Chicago.