Daily Guardian UAEDaily Guardian UAE
  • Home
  • UAE
  • What’s On
  • Business
  • World
  • Entertainment
  • Lifestyle
  • Sports
  • Technology
  • Travel
  • Web Stories
  • More
    • Editor’s Picks
    • Press Release
What's On

It’s hot out there, but please stop putting your warm phones in the fridge

July 15, 2026

Frontier joins the Starlink club with high-speed in-flight internet

July 15, 2026

PlayStation Store’s Summer Sale starts July 15 with up to 75% off hundreds of games

July 15, 2026

Starlink V5 is here, and it’s lighter, smarter, and far more efficient

July 15, 2026

Xbox and Nvidia want Gears of War: E-Day to show off what RTX PCs can really do

July 15, 2026
Facebook X (Twitter) Instagram
Finance Pro
Facebook X (Twitter) Instagram
Daily Guardian UAE
Subscribe
  • Home
  • UAE
  • What’s On
  • Business
  • World
  • Entertainment
  • Lifestyle
  • Sports
  • Technology
  • Travel
  • Web Stories
  • More
    • Editor’s Picks
    • Press Release
Daily Guardian UAEDaily Guardian UAE
Home » Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
What's On

Ransomware Retrospective 2024: Unit 42 Leak Site Analysis

By dailyguardian.aeMarch 26, 20244 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email

Ransomware Retrospective 2024: Unit 42 Leak Site Analysis

Executive Summary

The ransomware landscape experienced significant transformations and challenges in 2023. The year saw a 49% increase in victims reported by ransomware leak sites, with a total of 3,998 posts from various ransomware groups.

What drove this surge of activity? 2023 saw high-profile vulnerabilities like SQL injection for MOVEit and GoAnywhere MFT services. Zero-day exploits for these vulnerabilities drove spikes in ransomware infections by groups like CL0P, LockBit and ALPHV (BlackCat) before defenders could update the vulnerable software.

Leak site data reveals at least 25 new ransomware groups emerged in 2023, indicating the continued attraction of ransomware as a profitable criminal activity. Despite the appearance of new groups such as Darkrace, CryptNet and U-Bomb, many of these new ransomware threat actors did not last and disappeared during the second half of the year.

2023 was an active year for international law enforcement agencies as they intensified their focus on ransomware. This focus led to the decline of groups like Hive and Ragnar Locker and the near collapse of ALPHV (BlackCat). Law enforcement actions in 2023 reflect the increasing challenges faced by ransomware groups.

Ransomware threat actors targeted a wide range of victims with no preference for specific industries.

Leak site data collected by Unit 42 indicates that manufacturing was the most affected industry in 2023 including the EMEA region, signaling significant vulnerabilities in this sector. In the EMEA region, the wholesale and retail industry, along with the professional services industries, were amongst the top three affected industries. Although organizations from at least 120 different countries have been impacted by ransomware extortion, the U.S. stood out as the primary target of ransomware, with 47% of ransomware leak site posts in 2023 revealed victim organizations were based in the U.S.

Palo Alto Networks customers are better protected from the threats discussed in this article through our Next-Generation Firewall with Cloud-Delivered Security Services, including Advanced WildFire, DNS Security, Advanced Threat Prevention and Advanced URL Filtering.

Cortex Xpanse can be used to detect vulnerable services. Cortex XDR and XSIAM customers have been protected from all known active ransomware attacks of 2023 out of the box, without additional protections having to be added to the system. The Anti-Ransomware Module helps prevent encryption behavior, local analysis helps prevent the execution of ransomware binaries, and Behavioral Threat Protection helps prevent ransomware activity. Prisma Cloud Defender Agents can monitor Windows VM instances for known malware.

Leak Sites and Our Dataset

Analysis for this article is based on data from ransomware leak sites, sometimes known as dedicated leak sites and abbreviated as DLS.

Ransomware leak sites first appeared in 2019, when Maze ransomware began using a double extortion tactic. Stealing a victim’s files before encrypting them, Maze was the first known ransomware group to establish a leak site to coerce a victim and release stolen data.

These threat actors pressure victims to pay – not only to decrypt their files, but to prevent the attackers from publicly exposing their sensitive data. Since 2019, ransomware groups have increasingly adopted leak sites as part of their operations.

Our team monitors data from these sites, often accessible through the dark web, and we review this data to identify trends. Since leak sites are now commonplace among most ransomware groups, researchers often use this data to determine overall levels of ransomware activity and pinpoint the date a specific ransomware group was first active.

However, defenders should use leak site data with caution because it might not always reflect actuality. A ransomware group might start without a leak site as it builds its infrastructure and expands operations. Furthermore, if a victim offers immediate payment, the ransomware incident might not appear on a group’s leak site. As a result, leak sites do not always provide a clear or accurate picture of a ransomware group’s activities. The true scope of ransomware’s impact might be different from what these sites suggest.

Despite these drawbacks, data pulled from ransomware leak sites provides valuable insight on the state of ransomware operations in 2023.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Keep Reading

Jewellery Brand Palmonas Launches in UAE at Reem Mall

Dealing.com Breaks World Record with 24,000+ Tokenised Stocks

مبادرات جديدة لمركز ميموريال سلون كيترنغ لعلاج السرطان تُدخل الذكاء الاصطناعي إلى الرعاية اليومية لمرضى السرطان

UAE’s Digital Engagement Amid Cybersecurity Fears

Sheikha Bodour’s Arabic Libraries Boost Literacy in Malaysia

Sanofi Announces Expanded Proactive Care for a Disease Modifying Therapy in Type 1 Diabetes

Aldar and PureHealth: Pioneering Wellness Communities in Abu Dhabi

New MOU Enhances Boxer Safety and Brain Health in UAE

National Bonds Places “Generation Shapers” at the Heart of Its Year of Family Agenda

Editors Picks

Frontier joins the Starlink club with high-speed in-flight internet

July 15, 2026

PlayStation Store’s Summer Sale starts July 15 with up to 75% off hundreds of games

July 15, 2026

Starlink V5 is here, and it’s lighter, smarter, and far more efficient

July 15, 2026

Xbox and Nvidia want Gears of War: E-Day to show off what RTX PCs can really do

July 15, 2026

Subscribe to News

Get the latest UAE news and updates directly to your inbox.

Latest Posts

Made by Google August 2026: Everything we expect from the Pixel 11 launch event

July 15, 2026

Jewellery Brand Palmonas Launches in UAE at Reem Mall

July 15, 2026

Can AI audiobooks narrate better than humans? This study says many listeners think so

July 15, 2026
Facebook X (Twitter) Pinterest TikTok Instagram
© 2026 Daily Guardian UAE. All Rights Reserved.
  • Privacy Policy
  • Terms
  • Advertise
  • Contact

Type above and press Enter to search. Press Esc to cancel.