Skip to main content

Woburn, MA – February 20, 2024 – New in-depth research by Kaspersky shows a 30% surge in the number of targeted ransomware groups globally from 2022 to 2023. Within the same time period, the number of victims of targeted ransomware attacks spiked by 70%. Researchers shared these insights at Kaspersky’s ninth annual Cyber Security Weekend – META, which took place in Kuala Lumpur.

Similar to regular businesses, targeted ransomware groups hire cybercriminals as employees to run extensive operations to launch increasingly sophisticated targeted ransomware attacks. Unlike common ransomware attacks, which target victims arbitrarily, targeted ransomware groups are notorious for attacking governments, specific high-profile organizations, or selective groups of people within an organization.

Kaspersky researchers closely monitored about 60 targeted ransomware groups in 2023, compared to about 46 groups in 2022, and discovered incidents that indicated collaboration between targeted ransomware groups. In some cases, groups known for trading access points into corporate networks and systems sold initial points of entry to advanced ransomware groups that are capable of launching more sophisticated attacks. Since cybercriminals have to cross multiple stages to launch a targeted ransomware attack, such collaborations allow them to save time and go straight into network reconnaissance or infection.

In 2023, marking its seventh year as a key contributor to the No More Ransom initiative, Kaspersky's free decryption tools were downloaded more than 360,000 times, aiding data recovery for over 2 million users affected by ransomware. However, despite these significant accomplishments, ransomware payments globally surpassed $1.1 billion in 2023, marking an unprecedented high.

“Targeted ransomware groups are very persistent and have a huge appetite for extortion,” said Maher Yamout, Senior Security Researcher at Kaspersky. “For example, if a victim refuses to pay ransom, the cybercriminals often threaten to make the stolen data public. In some cases, these cybercriminals also filed GDPR or SEC complaints in certain regions against the victim organizations for breaking data protection laws.”

To protect your business from targeted ransomware attacks, consider following the tips from Kaspersky:

·       Keep all devices and systems updated to prevent attackers from exploiting vulnerabilities.

·       Set up offline backups that intruders cannot misuse, and make sure you can access it quickly in an emergency.

·       Use a reliable endpoint security solution, such as Kaspersky Endpoint Security for Business that is powered by exploit prevention, behavior detection and a remediation engine that is able to roll back malicious actions. KESB also has self-defense mechanisms which can prevent its removal by cybercriminals. 

·       The Kaspersky Threat Intelligence is also an essential tool to have which can provide in-depth  data and real-time insights on the history, motivations and operations of targeted ransomware groups.

·       Kaspersky has developed free tools for public use such as the Kaspersky Anti-Ransomware tool and No Ransom, that helps block ransomware and decrypt files.  

·       Employee education and cybersecurity training is necessary as human error is a common cause for cybersecurity breach and can serve as an initial point of access for ransomware attacks.


About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 220,000 corporate clients protect what matters most to them. Learn more at


Media Contact

Sawyer Van Horn

(781) 503-1866


Kaspersky: Targeted ransomware groups have grown in numbers and sophistication

Kaspersky Logo