1、Ransomware and Extortion Report 2023|2Executive Summary.3Extortion Is on the Rise.5Why Having Backups Is No Longer Enough.7Common Extortion Tactics.9Who Is Being Attacked?.14Insights From Dark Web Leak Sites.15Industries Most Heavily Impacted.18Regions Most Heavily Impacted.21What Are Extortion Thre

2、at Groups After?.22What You Can Expect From an Attack:An Example Ransomware Incident.25When APTs Use Ransomware.29Conclusion:What to Expect From Extortion Groups in 2023.32Reach Out to Experts.38Methodology.39Unit 42 Incident Response Methodology.40About Palo Alto Networks and Unit 42.41Table of Con

3、tentsThreat actors are increasingly employing extortion techniques to gain leverage over targeted organizations and accomplish their goals.While much attention has been paid to ransomware in recent years,modern threat actors increasingly use additional extortion techniques to coerce targets into pay

4、ingor dispense with ransomware altogether and practice extortion on its own.While in many cases the motivation is financial,Unit 42 also sees indications that extortion can happen in service of a groups larger goalssometimes simply to fund other activities,but other times to distract from them.Execu

5、tive SummaryOrganizations,in turn,need to evolve defenses to address the various methods threat actors use to apply pressure.Incident response plans today need to involve not only technical considerations but also safeguards for an organizations reputation and considerations for how to protect emplo

6、yees or customers who may become targets for some of extortionists more aggressive tactics.In our review of incident response cases,as well as our threat intelligence analysts assessment of the larger threat landscape,we noted some key points:Ransomware and Extortion Report 2023|3MMulti-extortion ta