Ransomware and extortion incidents surged by 67% in 2023, according to NTT Security Holdings 2024 Global Threat Intelligence Report

By NTT Security Holdings

Published April 26, 2024  |  Security

Ransomware and extortion incidents surged by 67% in 2023, according to NTT Security Holdings 2024 Global Threat Intelligence Report

Bad actors are using more aggressive and unscrupulous tactics to acquire personal data and extort ransoms

Ransomware and extortion incidents surged by 67% in 2023, according to NTT Security Holdings recently released 2024 Global Threat Intelligence Report.

Created by NTT Security Holdings Global Threat Intelligence Center, the report examines cybersecurity trends, provides insights on the threat landscape, and offers recommendations to help organizations better protect against cyberattacks.

After a down year in 2022, ransomware and extortion incidents increased in 2023. More than 5,000 ransomware victims were detected or posted across multiple social channels up from approximately 3,000 in 2022. These findings are based on NTT Security Holdings Global Threat Intelligence Center’s internal research and by compiling listings on extortion sites, Telegram channels, and public reporting and disclosures. The number of victims is likely higher because the research does not reflect incidents where ransoms were paid before the listing was made public.

“Our 2023 report highlighted the increase in cyberthreats affecting day to day life, economic conditions, and privacy,” said Jeremy Nichols, NTT Security Holdings’ Global Threat Intelligence Center director. “We expect this to soar in 2024 as threat actors create more sophisticated attacks using artificial intelligence to exploit growing attack surfaces and take advantage of limited cyber budgets and staff shortages.”

GTIR 2024 stats

Key Insights From the 2024 Report:

Critical infrastructure, supply chain, and financial services face the most risk. The top sectors threat actors are attacking require near perfect uptime because service disruptions can affect lives, making them more likely to pay a ransom to restore access to their vital systems and data. Manufacturing topped the list of attack sectors in 2023 at 25.66% and had the most ransomware victims posted on social channels with 27.75%.

Ransomware operators and affiliates are using less moral and ethical tactics to obtain payments. They are targeting sectors previously considered off limits, including healthcare, non-profits, and energy companies. They have threatened to release sensitive medical photos or patient records if ransoms are not paid.

Small and medium-sized enterprises face the largest challenge combating cyberthreats. More than 50% of ransomware victims had less than 200 employees while 66% had less than 500 employees, according to the research.

Threat actors continue to exploit vulnerabilities and zero days in the most popular software programs. The list of corporate software options and new vulnerabilities continues to increase while malicious software simultaneously evolves, using generative AI to quickly integrate and exploit high and critical severity vulnerabilities.

Humans remain the weakest link in cybersecurity, and it is getting worse. Hybrid cloud environments, bring your own device, and third-party integrations have expanded the attack surface for most organizations. Cybersecurity roles and responsibilities are expanding, cyber budgets are getting slashed, and there are more tools to complete these responsibilities, increasing staff fatigue and burnout.

“Organizations are struggling to defend against routine exploitation, malware, and ransom or extortion threats,” added Nichols. “The predictions and recommendations in our report offer business and technical leaders a roadmap to make quicker and informed decisions to improve their security posture as these threats exponentially escalate.”

Access the Full Report

For a comprehensive understanding of the most frequent cyberattacks, predictions for future attacks, and recommendations for safeguarding organizations against evolving threats, download the complete 2024 Global Threat Intelligence Report at https://www.security.ntt/global-threat-intelligence-report-2024.

About NTT Security Holdings

NTT Security Holdings, a Group company, provides proactive cyber defense and services that make use of gathered human resources and intelligence to protect our customers and society. For more than 20 years, our company has helped clients protect their digital businesses by predicting, detecting, and responding to cyberthreats, while supporting business innovation and managing risk. Our SOC, R&D centers and security experts deliver unsurpassed threat intelligence and handle hundreds of thousands of security incidents annually. Together, we secure the connected future.


Jeremy Nichols
Director, Global Threat Intelligence Center
NTT Security Holdings
T: +1 (402) 361-3053
E: jeremy.nichols@global.ntt