article featured image


New ransomware trends are on the rise as ransomware has emerged as one of the most formidable cyber threats in recent years, causing significant disruptions to businesses, governments, and individuals worldwide. 

As we step into 2023 and beyond, it’s crucial to examine the evolving landscape of ransomware trends and predict the future of ransomware attacks. 

This article will explore the latest ransomware trends and offer insights into what we can expect in the fight against ransomware.

ransomware trends and evolutions for 2023

The Rise of Triple Extortion Ransomware

One of the most significant developments in ransomware attacks has been the evolution of triple extortion ransomware tactics. Initially, ransomware attackers simply encrypted victim data and demanded a ransom for its release. 

However, this approach has evolved to include three essential extortion methods:

  1. Encrypting Data: Attackers still encrypt victim data as the primary threat. 
  2. Data Theft: In addition to encryption, attackers steal sensitive information and threaten to release it unless a ransom is paid. 
  3. DDoS Attacks: Some ransomware groups have added distributed denial-of-service (DDoS) attacks to their tactics, crippling victims’ online operations until a ransom is paid.

This triple-threat approach increases the pressure on victims to pay, as they face the loss of data and the risk of data exposure and operational downtime.

For instance, LAPSU$, a group believed to have targeted heavyweights like Microsoft, Nvidia, Uber, and Rockstar Games, gained prominence by extorting their victims and posting stolen data online when they failed to meet the group’s demands.  

As a result, cybersecurity leaders must carefully consider all vulnerabilities within their organizations as adversaries find more ways to profit from their targets. In today’s interconnected world, where cyber threats continue to evolve and grow in sophistication, individuals and organizations need to prioritize patching and vulnerability scanning to protect their systems and data from potential data breaches

Profiting Data Monetization 

The next ransomware trend is profiting data monetization. As you may already know, ransomware groups steal or encrypt data to extort victims, but stolen data isn’t just valuable to its rightful owners. Adversaries can access a wealth of company secrets and sensitive documents using a compromised machine. 

Even though ransomware groups aren’t known for the widespread monetization of data, it’s a well-established underground market that these groups are poised to take advantage of as brokers for other cybercriminals—maximizing profits and minimizing exposure.  

As a result, even a single breach could result in disaster since sensitive data might fall into the hands of bad actors or end up being posted online to cause additional damage to your organization.

Cloud-Based Endpoint Targeting 

The landscape of endpoint vulnerabilities is shifting as more organizations move to the cloud. However, even though security teams have already adapted to the decentralized nature of the cloud, misconfigurations and unpatched vulnerabilities remain prime targets for ransomware groups. 

Cloud resources challenge adversaries due to their diffuse nature, but they are developing new strategies that utilize idle resources. For example, according to a study by Google’s Cybersecurity Action Team, 86% of compromised cloud instances are used for mining cryptocurrency.  

In addition to deploying ransomware on compromised systems, adversaries can sell access to more established ransomware groups already engaged in crypto-jacking. 

One compromised endpoint can give adversaries access to sensitive data in the cloud, as the crypto mining group TeamTNT demonstrated. 

Choosing Unusual Platforms to Target 

When any breach can prove devastating, cyber security leaders know that no attack vector is small enough to ignore. Since ransomware groups appreciate the value of business-critical devices without backups, uncommon platforms could pose the greatest threat to your organization. 

In 2017, researchers from the Georgia Institute of Technology demonstrated that ransomware could be deployed to a program logic controller (PLC) using tried-and-true exploits. Unfortunately, such devices could be prohibitively expensive to rebuild or replace, precisely what ransomware groups look for in their victims. 

The threat of such devastating vulnerabilities is far more common than you might think. For example, it has been found that many business-critical systems can be held hostage by adversaries if they are connected to the internet. In addition, ransomware groups can change administrative passwords and make rebooting a network or equipment complex as part of their malicious actions. 

Automation as a Means of Upscaling  

Increasingly, even adversaries are taking advantage of time- and cost-saving automation. Just like professional organizations, ransomware groups automate tasks to maximize revenue.

As a result, system penetration, the most costly stage of a ransomware attack, can now be streamlined, enabling adversary groups with fewer members or resources to be more aggressive. As a result, cybersecurity leaders will have to fend off more attacks as they move laterally through affected environments when deterring threats is the most costly process. 

As part of their attacks, ransomware actors with a high volume of breaches, such as Cerber, are already using blockchain technology. By harnessing AI and machine learning solutions, successful teams can rapidly pinpoint and respond to attacks. 

Exploiting Zero-Day Vulnerabilities 

User credentials—stolen, leaked, or purchased from online markets—are the most direct routes for crafty adversaries to breach target networks. Software is also vulnerable to exploits. It is not out of the question that the evolving, professional ransomware group will exploit zero-day vulnerabilities

Ransomware groups could exploit the same unknown vulnerability several times if they hired an exploit developer to find it for them. So far, no groups have been identified employing this approach, but it’s not out of the question given the value of such an exploit for a team of malicious actors. For vulnerabilities in LockBit‘s encryption algorithm, a $50,000 bounty has even been posted.

AI-Powered Ransomware

As artificial intelligence (AI) and machine learning (ML) technologies continue to advance, there is a growing concern that cybercriminals will leverage AI to make ransomware attacks more targeted and sophisticated. 

Ransomware groups can use AI to identify vulnerabilities, craft convincing phishing emails, and adapt attack tactics in real time, posing a significant challenge for cybersecurity professionals.


Ransomware threats are evolving rapidly, and attackers are becoming more sophisticated in their tactics. Organizations must invest in robust cybersecurity measures, employee training, and compliance with emerging regulations to stay ahead of this growing menace.

Additionally, international collaboration and technological innovations will be crucial in combating ransomware in 2023 and beyond. Vigilance and proactive measures are essential to protect against this ever-evolving threat.

How Can Heimdal® Protect You Against Ransomware Attacks?

Heimdal’s exclusive Ransomware Encryption Protection technology was designed to thwart even the most sophisticated ransomware attacks in the cloud and on-premises, preventing and protecting rather than mitigating.

Here’s a quick rundown of what Ransomware Encryption Protection can do for your business:

  • Prevent data breaches by protecting your networks and endpoints against fraudulent encryption attempts;
  • Eliminate downtimes caused by ransomware attacks;
  • Reduce and eliminate post-ransomware impacts;
  • Improve the detection capabilities of your current cybersecurity software;
  • Increase conformity;
  • Get comprehensive defense against zero-day vulnerabilities;
  • Combine with any SIEM for improved detection of policy violations.

Ready to take it for a spin? Click here for a personalized demo.

Heimdal Official Logo
Neutralize ransomware before it can hit.

Heimdal™ Ransomware Encryption Protection

Specifically engineered to counter the number one security risk to any business – ransomware.
  • Blocks any unauthorized encryption attempts;
  • Detects ransomware regardless of signature;
  • Universal compatibility with any cybersecurity solution;
  • Full audit trail with stunning graphics;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

If you liked this article, follow us on LinkedInTwitterFacebook, and YouTube, for more cybersecurity news and topics.

Author Profile

Gabriella Antal

SMM & Corporate Communications Officer

linkedin icon

Gabriella is the Social Media Manager and Cybersecurity Communications Officer at Heimdal®, where she orchestrates the strategy and content creation for the company's social media channels. Her contributions amplify the brand's voice and foster a strong, engaging online community. Outside work, you can find her exploring the outdoors with her dog.

Leave a Reply

Your email address will not be published. Required fields are marked *