Home » Spin.AI Blog » Cybersecurity » 4 Ransomware Trends Businesses Should Know in 2023
January 13, 2023 | Updated on: April 11, 2024 | Reading time 7 minutes

4 Ransomware Trends Businesses Should Know in 2023

Avatar photo

Vice President of Product

Ransomware has had a tremendous impact on businesses and individuals around the world. It targets companies of all sizes and exploits the weaknesses in their IT systems. It is important to understand the existing ransomware trends to know how to fight ransomware efficiently.

Cybersecurity experts at SpinOne study ransomware especially precisely. One of our products, SpinRDR, is a unique tool that helps stop ransomware in the cloud office early on. Thereby it minimizes the downtime for any business by 99% and cuts down the negative consequences of a ransomware attack. To continue to improve our solution and keep it up to day, we follow all the major ransomware trends. In the present article, we share our most recent findings along with vital takeaways for businesses.

Ransomware is constantly changing, as well as its impact on the world. That’s why being up-to-date is vital for being safe from ransomware.  Let’s take a look at the most recent trends.

1. Ransomware impact continues to grow

We saw significant growth in every ransomware stat in 2022:

  • Global attacks increased by 28% in the third quarter of 2022 compared to the same period in 2021.
  • The average weekly attacks per organization worldwide reached over 1,130 in 2022
  • The Retail/Wholesale sector has seen the highest increase YoY of ransomware attacks, a 39% increase from the third quarter of 2021.
  • The frequency of cyber-attacks has increased by 12% YoY — with 48% of businesses suffering an attack in the past 12 months.
  • Ransomware payments have risen by 45.9% from $812K in 2022 to $1.5m in 2023.


  1. The increasing digitization of businesses
  2. Global remote work practices due to pandemics
  3. Insufficient budgeting of IT security teams
  4. For many companies it is easier to pay ransom than to search for decryption keys and let authorities investigate
  5. Growth of cyber-criminals and cyber-criminal groups using ransomware
  6. Ransomware-as-a-service is cheap ($40) and easy to purchase on DarkNet
  7. Ransomware doesn’t require special technical skills to carry out the attack
  8. Low risks of being captured for criminals many of whom get support and protection from their home country
  9. Cryptocurrencies make ransom payments easy and unracable.

Takeaways for businesses:

With the constant increase in the number of ransomware attacks, the likelihood of being hit by this type of ransomware for a single business is constantly growing.

2. Most attacks are generic

When we talk about ransomware, most people think about criminals who would learn everything about your company to fetch a very individual email from another employee or CEO of your company (technique called spearphishing). Despite the fact that it is more efficient, most ransomware attacks aren’t targeted or sophisticated. SpinOne cybersecurity experts think that many cybercriminals deliberately add mistakes in their phishing emails. They do it to sift attentive employees as well as people who tend to be suspicious about emails.


  1. Targeted attacks require more resources
  2. Non-sophisticated attacks still work great due to multiple human factors

Takeaways for businesses:

Though training of employees is necessary, it is not enough. Companies need additional layers of protection against ransomware. These are backups, decryption solutions and tools that are able to stop ransomware in action.

3. Double & Triple Extortion

ransomware trends 2022

One of the latest trends in ransomware world is double and triple extortion. Double extortion means that cybercriminals first steal the business’ data and only then encrypt its file system. In triple extortion, they additionally use DDoS attack.

As a result criminals would profiteer not only from the ransom they demand but also from the exploitation of the stolen information. There are several ways the data can be used. First, the criminals can demand ransom for the data from the individuals (e.g. customers or employees of the attacked company). Second, they can sell the information on dark web to other criminals.

Needless to say, the impact of double or triple extortion is more devastating to the company, its employees, partners, and clients. According to cybersecurity experts, the greatest share of the cost of a ransomware attack for a business is operation interruption and recovery.


  1. Ransomware is constantly evolving
  2. The use of backups by many companies cause cybercriminals search for the new ways to exploit the malware.

Takeaways for businesses:

A ransomware attack results in enormous money and reputation losses and even bankruptcy. With the increase of negative consequences of a single ransomware attack, the necessity to prevent it grows. The search for a tool like SpinRDR that is able to decrease the downtime significantly becomes the key goal.

4. Supply chains as a new target

There are two types of supply chains that are lucrative to cybercriminals:

  1. Physical infrastructure.
    These companies have large budgets and have nationwide significance. For example, Colonial Pipeline was hit by ransomware. As a result, the US had severe problems with oil supplies for about a week. Attacks on physical infrastructure can be sponsored by governments.
  2. Applications and software products
    These companies are most interesting due to their clients. Criminals would look for vulnerabilities in their software product to infect individual and corporate users with ransomware and demand ransom from them.


  1. Exploiting supply chains can give access to hundreds or even thousands victims at once.

Takeaways for businesses:

Businesses need tools that will not only protect them from ransomware but also enable control the access of applications to their critical IT systems.

5. Cloud SaaS Ransomware

Modern strains of ransomware can target cloud SaaS data in addition to the on-premise systems. Cybercriminals exploit OAuth to gain access to corporate Google Workspace, Office 365, or Salesforce. They encrypt files and their previous versions preventing companies from using their corporate data.


  1. Ransomware is a multi-billion business needs to increase their revenue by finding new channels
  2. Active cloud SaaS adoption by businesses, partially due to Covid-19.

Takeaways for business:

Businesses need special tools that protect their data stored in Office 365 or Google Workspace.

What Is The Best Way to Resolve A Ransomware Threat?

According to Michael Daum, Senior Cyber Underwriter at AGCS, in 80% of ransomware incidents, losses could have been minimized. He claims that companies didn’t have proper cybersecurity practices at hand.

We suggest some basic rules of ransomware protection:

  • Educate your employees.
  • Audit applications that have access to your IT system and use whitelists.
  • Update your cybersecurity software regularly.
  • Check the new hardware.
  • Give access to system settings and vital data only to trusted users.
  • Monitor suspicious data and user behavior.
  • Back up your data.
  • Create ransomware incident response plan.
  • Use automation tools to carry out the above-mentioned tasks.

SpinOne solutions for Google Workspace and Microsoft 365 365 are exactly what will help you to protect your cloud data from hackers.

SpinOne Is The Best Protection Against Ransomware

To protect your data, SpinOne offers an AI-driven solution for Google Workspace and Microsoft 365.

  • Provides the shortest downtime on market – up to 1 hour.
  • Analyzes data behavior in your cloud office.
  • Detects ransomware within minutes after attack onset.
  • Terminates the attack immediately.
  • Granularly restores data from the backup.
  • Up to 3 automated daily backups.
  • Safe data storage in Azure, GCP, or AWS.
  • At-rest and in-flight  data encryption to keep your data secure in both storage and transit.
  • Indefinite data retention.
  • Reports to monitor the status of your protected data
  • Point-in-time restore to give you a variety of versions to restore from.
  • 100% accurate recovery using the same folders hierarchy from any point in time
  • …And much more.

Try SpinOne for free

Was this helpful?

Thanks for your feedback!
Avatar photo

Written by

Vice President of Product at Spin.AI

Davit Asatryan is the Vice President of Product at Spin.AI

He is responsible for executing product strategy by overseeing the entire product lifecycle, with a focus on developing cutting-edge solutions to address the evolving landscape of cybersecurity threats.

He has been with the company for over 5 years and specializes in SaaS Security, helping organizations battle Shadow IT, ransomware, and data leak issues.

Prior to joining Spin.AI, Davit gained experience by working in fintech startups and also received his Bachelor’s degree from UC Berkeley. In his spare time, Davit enjoys traveling, playing soccer and tennis with his friends, and watching sports of any kind.

Featured Work:

How Can You Maximize SaaS Security Benefits?

Let's get started with a live demo

Latest blog posts

The Leading Enterprise Backup Solutions of 2024

As the volume of business data accelerates the demand for enterprise backup solutions has never...

Avatar photo

Product Manager

Read more

Top 8 Tips for Optimizing Cloud Storage in Education

Education institutions are relying on cloud storage more and more. With the announcements from both...

Avatar photo

Vice President of Product

Read more

Top 5 SSPM (SaaS Security Posture Management) Solutions

As businesses increasingly rely on Software as a Service (SaaS) applications for their daily operations,...

Avatar photo

Product Manager

Read more