One in Six Attacks on U.S. Government Offices Linked to LockBit
September 21, 2023

Trend Micro data shows new ransomware victims surged 47% in six months

DALLAS, Sept. 21, 2023 /PRNewswire/ -- Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today published data revealing that one in every six ransomware attacks targeting U.S. government offices was traced back to the LockBit ransomware group. The report also noted that the number of new victims increased by 47% from the second half of 2022.

Trend's data shows many ransomware threat actors focus on smaller organizations they presume to be less well-defended.

To read a copy of the report, LockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in 1H 2023, please visit:

Jon Clay, VP of threat intelligence at Trend: "We've observed a significant increase in the number of ransomware victims since the second half of 2022. Threat actors continue to innovate, target more victims, and cause significant financial and reputational damage. Organizations of all sizes must prioritize and enhance their cybersecurity posture. Our report should help network defenders, policymakers, and other stakeholders make better-informed decisions in the ongoing fight against ransomware."

The report* revealed that many ransomware threat actors are no longer going after "big game" targets, instead focusing on smaller organizations they presume to be less well-defended.

Organizations of up to 200 employees accounted for a majority (57%) of LockBit victims and a plurality (45%) of Black Cat victims in the first half of this year. For Clop, large enterprises accounted for half (50%), with small businesses comprising 27%.

U.S.-based organizations remain a prime target for ransomware operators, with the highest number of ransomware victims in the first half of 2023 (949) – accounting for nearly half of all ransomware attacks. This figure represents a 69.94% increase compared to the second half of 2022. The U.K. (132) and Canada (88) were the next most affected countries.

The incidence of ransomware attacks targeting U.S. government offices in 2022 has revealed that the LockBit ransomware group was responsible for one in every six of these attacks. This highlights the persistent threat posed to government agencies in the U.S.

Other findings from the report include:

  • 47% increase in new Ransomware as a Service (RaaS) victims, from 1,364 in 2H 2022 to 2,001 in 1H 2023
  • 11.3% increase in the number of new RaaS groups over the period to 69 in 1H 2023
  • LockBit, the top ransomware family since 2022, accounted for 26.09% of total victim organizations, with BlackCat and Clop responsible for 10.59% and 10.09% of attacks, respectively.
  • The banking, retail, and transportation sectors were the most targeted in 1H 2023.
  • I.T., healthcare, and manufacturing emerged as the most targeted sectors in terms of ransomware file detection.

*The report is compiled with data collected from ransomware-as-a-service (RaaS) and extortion groups' leak sites, Trend Micro's open-source intelligence (OSINT) research, and the Trend Micro™ Smart Protection Network™.

About Trend Micro

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world.

SOURCE Trend Micro Incorporated

For further information: Trend Micro Communications, 817-522-7911,