2023 Ransomware Trends Report

According to the 2023 Ransomware Trends Report (Data Protection), 85% of organizations suffered at least one cyber attack in the preceding twelve months; an increase from 76% experienced in the prior year. To better understand the preparedness and recoverability of cyber attacks, an independent research firm conducted a blind survey of 1,200 unbiased IT leaders whose organizations suffered at least one ransomware attack in 2022. Organizations of all sizes from 14 different countries across APJ, EMEA and the Americas were represented.

The survey asked about the impact that ransomware had on their environments, as well as what their IT strategies and data protection initiatives are moving forward. While analysts forecasted growth in overall IT spending for 2023 between 4.5% by IDC and 5.4% by Gartner, respondents in this survey expect their cyber security (preventative) budgets to grow by 5.6% and their data protection (remediation) budgets to grow by 5.5% in 2023.


The most common element of an incident response playbook is a good backup:

87% of organizations have a risk management program that drives their security roadmap or strategy. That said, only 35% believe their program is working well, while 52% are seeking to improve their situation and the remaining 13% do not yet even have an established program.

Regardless of what you call your program or team that is chartered with planning against cyber events and preparing for how the organization will deal with them, the most common elements of the ‘playbook’ in preparation against a cyber attack are:

  • Clean backup copies, which one might presume includes data that is ‘survivable’ against attacks and does not include malicious code,
  • Recurring verification that the backups are recoverable.

45% of production data was affected by a cyber attack:

This is unfortunately consistent with last year’s 47% affected statistic, with no reason to assume future attacks won’t result in a similar catastrophic amount of data loss or impact.

On average, organizations stated that 45% of their production data was affected by the cyber attack. In looking at the extremes, 25% had a small portion (<20%) of their data affected, while 14% had nearly all (>80%) of their data affected by the attack.

Unfortunately, only 66% of the affected data was recoverable. This calculates that 15% of the organizations’ production data was unrecoverably lost.

As an aside, cyber victims were also asked of their confidence before and after the attack.

In hindsight, only 59% considered themselves ‘prepared’ — and even then, the results did not vary greatly on how impactful the attack was.

Cartels were able to affect the backup repositories in 75% of attacks:

Said another way, one in four organizations had backups to restore from, which is down from last year when one in three organizations had survivable backups.

In fact, bad actors targeted the backup repositories in at least 93% of attacks in 2022, nearly identical to the 94% of repositories that were targeted in 2021. The respondents who stated that “some,” “most” or “all” of their repositories were affected, reveal that on average, 39% of backup repositories were affected.


Critical FortiOS & FortiProxy – Heap buffer overflow Vulnerability: Blog Post
Critical FortiOS and FortiProxy Vulnerability – FG-IR-23-001: Blog PostImportant Vulnerability in VMware ESXi: Blog Post
The core function of a SOC: Blog Post
Play ransomware infection routine: Blog Post
Identify a piece of malware with Yara: Blog Post
New Veeam v12 Platform Overview: Blog Post
OpenSSL patch (v3.0.7) for Vulnerability 2022: Blog Post
Building a SOC: Blog Post
List of vendors and software affected by the OpenSSL vulnerability: Blog Post
Critical OpenSSL Vulnerability version 3.0: Blog Post
Veeam v12 Linux Without SSH And SUDO: Blog PostHardened Repository in Veeam v12: Blog Post
Wasabi Object Storage Usage with Veeam B&R v12: Blog Post
VeeaMover in v12: Blog Post
Ransomware & Cybersecurity with Veeam v12: Blog Post
Why backup directly to Object Storage? Blog Post
Veeam B&R v12 New Features Overview: Blog Post
[REPLAY] Webinar Veeam v12 and Wasabi: Replay
Protect your data with Veeam and Wasabi: Blog post
Wasabi – Object Lock feature spotlight: Blog post
Veeam and the S3-compatible object storage solutions: Blog Post
[PODCAST] VeeamUser Group France #1: Record
Conti initiates their attacks on Backup: Blog Post
Backup with Trusted Repository Storage: Blog Post.
Protect your Backup against Ransomware: Blog Post

Please follow and like us:

Enjoy this blog? Please spread the word :)