RANSOMWARE Report 2023
A deep dive into vulnerabilities exploited by ransomware criminals
Newly discovered, neglected, or old, resurrected vulnerabilities—attackers are going after any vulnerability they can weaponize and exploit! Organizations need to know their exposure to these threats to stay ahead.
Our Ransomware Report 2023 presents an in-depth analysis of vulnerabilities newly associated with ransomware, extremely dangerous vulnerabilities with ATT&CK kill chains, MITRE attacks, scanner latencies, vendors and products under attack, and predictive trends.
Key Metrics
19%
increase in the count of vulnerabilities associated with ransomware
57
vulnerabilities associated with ransomware are extremely dangerous
180
vulnerabilities associated with ransomware are trending
20
vulnerabilities associated with ransomware are undetected by popular scanners
76%
of vulnerabilities associated with ransomware are old
16%
of vulnerabilities associated with ransomware have low and medium severity scores
50
threat groups are using ransomware to attack targets
176
unique ransomware families exist in the threat landscape
118
vulnerabilities associated with ransomware are present in multiple products
131
vulnerabilities associated with ransomware excluded from CISA KEV
80
weaknesses are contributing vulnerabilities to ransomware threats
103
vulnerabilities associated with ransomware have been exploited to launch phishing attacks
“Ever since our experts began researching ransomware threats, we have been noting a steady increase in the number of vulnerabilities that are tied to ransomware. The only way to counter this escalating threat is by shrinking your attack surface through timely accurate data.”
— Aaron Sandeen, Co-Founder & CEO, Securin & CSW
“By leveraging the information in this report and implementing a risk-based
vulnerability management solution, organizations can finally begin to go on the offensive with their
cyber strategy.”
— Srinivas Mukkamala, Chief Product Officer at Ivanti
"While adversaries continue to craft stealthy tooling, techniques,
and tactics to weaponize vulnerabilities, it is essential for SecOps teams to automate and
orchestrate their processes to mitigate risk through real-time operationalization."
— Anuj Goel, Co-founder & CEO, Cyware
Download Previous Reports
Ransomware Index Update Q2 & Q3 2022
Ransomware Index Update Q1 2022
Ransomware Index Update for Q3 provides the latest ransomware trends, and the new groups, vulnerabilities and weaknesses tied to ransomware. Understand what vulnerabilities offer the greatest threat and stay protected.
Ransomware Spotlight Report 2022
Ransomware Index Update for Q3 provides the latest ransomware trends, and the new groups, vulnerabilities and weaknesses tied to ransomware. Understand what vulnerabilities offer the greatest threat and stay protected.
Ransomware Index Update Q3 2021
Ransomware index update for Q2 looks at new vulnerabilities tied to ransomware, new exploits, APT Groups, and Ransomware families. Build resilience to defend your ecosystem from crippling ransomware attacks.
Ransomware Index Update Q2 2021
Ransomware index update for Q1 2021 brings new vulnerabilities, exploits, APT Groups and Ransomware families that have become active in the first quarter of 2021. Get updated insights about this evolving threat and know your exposure to it.
Blogs
#CyberSecurity
All About Conti
May 12, 2022 | Surojoy Gupta
#CyberSecurity
CSW Analysis: Top Scanners Missed Vulnerabilities Tied to Ransomware in 2021
Feb 4, 2022 | Pavithra Shankar
#CyberSecurity
CISA Releases a Directive Asking Organizations to Patch Known Exploited Vulnerabilities
May 19, 2022 | Surojoy Gupta
#CyberSecurity
Top Scanners Fail to Flag DHS CISA-warned KEVs
May 19, 2022 | Pavithra Shankar
#CyberSecurity
Pegasus Spyware Snoops On Political Figures Worldwide
May 5, 2022 | Surojoy Gupta
#CyberSecurity
Cyberwar Bulletin 1: Russia & Ukraine
Mar 10, 2022 | Sumeetha, Priya
#CyberSecurity
Cyberwar Bulletin 2: Are you ready for this cyberwar?
Mar 16, 2022 | Sumeetha, Priya
#CyberSecurity
Accenture attacked by LockBit 2.0 Ransomware
Aug 19, 2021 | Sumeetha, Surojoy
#CyberSecurity
20 Percent of CVEs Listed in CISA’s Latest Directive have Ransomware Associations
May 25, 2022 | Surojoy Gupta
#CyberSecurity
Darkside Ransomware: Further Threat Associations Unearthed
August 21, 2021 | Priya Ravindran
#CyberSecurity
Kaseya VSA Downed by REvil in Monumental Supply-Chain Attack
July 12, 2021 | Surojoy, Priya
#CyberSecurity
REvil Brings Down JBS - the World’s Largest Meat Packer
June 16, 2021 | Sumeetha
#CyberSecurity
All About Qlocker
April 05, 2022 | Priya Ravindran
#CyberSecurity
Darkside: The Ransomware that brought a US pipeline to a halt
May 18, 2021 | Sumeetha
.png)
#CyberSecurity
All about Ryuk
Apr 16, 2021 | Sumeetha
Media Coverage
#Ransomware
Ransomware Vulnerabilities Spike by 7.6% in Q1 2022
May 19, 2022 | AiTechpark
#Ransomware
Prioritize patching vulnerabilities associated with ransomware
May 19, 2022 | Help Net Security
#Ransomware
Ransomware gangs rely more on weaponizing vulnerabilities
May 19, 2022 | Bleeping Computers
#Ransomware
Ransomware vulnerabilities increase as Russia-linked activity surges
May 19, 2022 | Beta News
#Ransomware
CSW Releases Q1 2022 Ransomware Report
May 19, 2022 | Industry Today
#Ransomware
Ransomware Groups Continue to Leverage Old Vulnerabilities
May 18, 2022 | Health IT Security
#Ransomware
Ransomware Vulnerabilities Spike by 7.6% in Q1 2022
May 18, 2022 | VM Blog
#Ransomware
The True Danger for Organizations: Unpatched Vulnerabilities
May 20, 2022 | Security Boulevard
#Ransomware
CSW: Attackers Weaponize Vulnerabilities Days After..
Jun 03, 2022 | SDX Central
#Ransomware
Q1 2022 Ransomware Report Reveals 7.6% Increase in Vulnerabilities Tied to Ransomware
May 18, 2022 | BusinessWire
#Ransomware
Managing Ransomware in 2022
Apr 11, 2022 | IT Social
#Ransomware
Cybersecurity’s challenge for 2022 is defeating weaponized ransomware
Jan 26, 2022 | Venture Beat
.png)
#Ransomware
Ransomware 2021 Year End Report Reveals Hackers are Increasingly Targeting Zero-Day Vulnerabilities and Supply Chain Networks
Jan 26, 2022 | Bloomberg
#Ransomware
Ivanti report finds 32 new ransomware families in 2021
Jan 26, 2022 | SiliconANGLE
#Ransomware
Ransomware Spotlight Year End 2021 Report (Ivanti)
Jan 26, 2022 | The Cyberwire
#Ransomware
Ransomware 2021 Year End Report Reveals Hackers are Increasingly Targeting Zero-Day Vulnerabilities and Supply Chain Networks for Maximum Impact
Jan 26, 2022 | Yahoo Finance
#Ransomware
Hackers continue to target zero-day vulnerabilities
Jan 26, 2022 | BetaNews
#Ransomware
New Ransomware Report Reveals Hackers Are Increasingly Targeting Zero-Day Vulnerabilities and the Supply Chain
Feb 8, 2022 | Direct Industry
#Ransomware
32 new ransomware families in 2021, a 26 per cent YoY increase: Report
Jan 29, 2022 | The Hindu
.png)
#Ransomware
Hackers are Increasingly Targeting Zero-Day Vulnerabilities and Supply Chain Net .. Read more at: https://cio.economictimes.indiatimes.com/news/digital-security/hackers-are-increasingly-targeting-zero-day-vulnerabilities-and-supply-chain-networks-for-maximum-impact-states-report/89175933
Jan 28, 2022 | CIO, Economic Times
.png)
#Ransomware
Ransomware families becoming more sophisticated with newer attack methods
Jan 28, 2022 | Help Net Security
#Ransomware
Ransomware 2021 Year End Report Reveals Hackers are Increasingly Targeting Zero-Day Vulnerabilities and Supply Chain Networks for Maximum Impact
Jan 28, 2022 | BusinessWire
#Ransomware
Hackers are targeting unpatched systems, supply chain networks: Report
Jan 28, 2022 | The New Indian Express
#Ransomware
Ransomware groups target zero-day weakness, networks
Jan 27, 2022 | Tech Herald
