Coveware’s Q1 report for 2023:
Midway through Q1 the winds of progress shifted, and we observed a material increase in attacks on large enterprises that achieved levels of impact that we had not observed since before the Colonial Pipeline attack in May 2021. In 2019 and 2020 it was fairly common to see large enterprises become completely paralyzed by ransomware encryption. This evolved in the quarters that followed the Pipeline attack. We highlighted the key reasons for ransom payment contraction last quarter, which focused on enterprises realizing a return on security & incident response training investments, law enforcement activity, and the compounding nature of contracting unit economics within the cyber extortion industry. These factors were countered by behavioral shifts from the threat actors towards more fluid operations. These we highlighted in Q2 2022, to show how ransomware actors were treading more lightly in response to better security and LE takedowns.
Read more of their findings and statistics at Coveware.