The CyberMaxx team of cyber researchers conducts routine threat research independent of client engagements. The purpose of our research is to help foster collective intelligence among the cybersecurity community.
While conducting their research, the team discovers and analyzes ongoing ransomware attacks occurring in the wild.
In the first quarter of 2023 (Jan 1st – Mar 31st) we observed 909 successful ransomware attacks vs 1,030 in the fourth quarter of 2022, showing a 13% decrease in overall observed activity within similar timeframes.
Lockbit3 remains the most active group across both quarters, with 149 attacks in Q4 2022, and 215 in Q1 2023, showing a 44% increase in activity for this group. Most other groups showed a deficit in activity, with some prevalent figures such as Cl0p being down almost 80%. Blackbyte, RagnarLocker and AlphV all retained similar levels of activity, with less than 10% deviations across both timeframes.