Top Ransomware Examples to Watch in 2023

Steven Jul 09, 2026

In the ever-evolving landscape of cyber threats, ransomware remains one of the most prominent and sophisticated. As we step into 2023, it's crucial to stay informed about the latest trends and examples of ransomware to better protect your digital assets. This article explores some of the most notable ransomware examples and trends to expect in 2023.

Explains the phishing email vector of ransomware
Explains the phishing email vector of ransomware

Ransomware, a type of malware that encrypts a victim's files and demands payment in exchange for the decryption key, has evolved significantly over the years. From simple encryption to complex double extortion schemes, ransomware operators have continually adapted their tactics to maximize profits. Let's delve into some of the most significant ransomware examples and trends that have emerged in recent months and are expected to shape the threat landscape in 2023.

What is Ransomware? Definition, Prevention & Removal | KnowBe4
What is Ransomware? Definition, Prevention & Removal | KnowBe4

Evolving Ransomware Tactics in 2023

Ransomware operators are continuously refining their strategies to bypass traditional security measures and increase the likelihood of successful attacks. Some of the most prominent evolving tactics include:

How Ransomware Spreads Inside Companies ⚠️
How Ransomware Spreads Inside Companies ⚠️

1. Double Extortion: Initially introduced in 2020, double extortion ransomware attacks have become increasingly popular among cybercriminal groups. In these attacks, threat actors not only encrypt the victim's data but also exfiltrate sensitive information, threatening to leak it publicly if the ransom is not paid. This tactic significantly increases the pressure on victims to comply with the attacker's demands.

Ransomware-as-a-Service (RaaS)

"Ransomware Explained in Simple Words"
"Ransomware Explained in Simple Words"

RaaS has democratized ransomware attacks, allowing less skilled cybercriminals to launch sophisticated campaigns. In a RaaS model, developers create and maintain the ransomware, while affiliates handle the distribution and negotiation with victims. The developers typically receive a percentage of the ransom payments in exchange for their services.

One of the most notorious RaaS examples is Ryuk, which has been active since 2018 and has targeted numerous high-profile organizations, including hospitals, schools, and businesses. Ryuk operators have employed various tactics, such as exploiting remote desktop protocol (RDP) vulnerabilities and using phishing campaigns to gain initial access to target networks.

Island Hopping and Living-off-the-Land Techniques

Infographic: Ransomware By The Numbers - InfographicBee.com
Infographic: Ransomware By The Numbers - InfographicBee.com

Ransomware operators are increasingly adopting stealthier approaches to evade detection and maintain persistence within target environments. Island hopping involves compromising multiple systems within an organization to avoid detection and make it more difficult for security teams to respond effectively. Living-off-the-land techniques, on the other hand, leverage legitimate tools and software already present on a target system to carry out malicious activities, minimizing the risk of detection.

For example, the Conti ransomware group, which emerged in 2020, has been known to employ island hopping tactics to compromise multiple systems within a target organization before deploying the ransomware. Conti operators have also been observed using living-off-the-land techniques, such as abusing Windows built-in tools like PowerShell and Certutil to facilitate their attacks.

Notable Ransomware Examples in 2023

Wanna Cry ransomware (Wanna Decryptor) Finding Yourself
Wanna Cry ransomware (Wanna Decryptor) Finding Yourself

As we progress through 2023, several ransomware groups have already made headlines with their sophisticated attacks and significant payouts. Some of the most notable ransomware examples include:

LockBit 2.0

How Ransomware Attacks Work Step by Step
How Ransomware Attacks Work Step by Step
Inside a ransomware attack: how dark webs of cybercriminals collaborate to pull them off
Inside a ransomware attack: how dark webs of cybercriminals collaborate to pull them off
Types of Ransomware
Types of Ransomware
an error message from the computer screen
an error message from the computer screen
HelloXD: il nuovo ransomware per Linux e Windows
HelloXD: il nuovo ransomware per Linux e Windows
Do not reboot your PC if you get WannaCry ransomeware - try this instead - Liliputing
Do not reboot your PC if you get WannaCry ransomeware - try this instead - Liliputing
Ransomware: How it works?
Ransomware: How it works?
🛡️ Ransomware DOs & DON'Ts 🛡️
🛡️ Ransomware DOs & DON'Ts 🛡️
Ransomware 3.0 in 2026: Double Extortion and RaaS Targeting Your Business
Ransomware 3.0 in 2026: Double Extortion and RaaS Targeting Your Business
In the Bitcoin Era, Ransomware Attacks Surge
In the Bitcoin Era, Ransomware Attacks Surge
Do's & Dont's to stay safe from Ransomware...!!
#Cybersecurity #websecurity #security #onlinesecurit
Do's & Dont's to stay safe from Ransomware...!! #Cybersecurity #websecurity #security #onlinesecurit
an orange and white flyer with information about how to protect your computer from malware
an orange and white flyer with information about how to protect your computer from malware
Ransomware Explained: File Encryption & Cyber Extortion
Ransomware Explained: File Encryption & Cyber Extortion
a man in a hat and orange shirt is working on a laptop with the words ransomware - as - a service raas
a man in a hat and orange shirt is working on a laptop with the words ransomware - as - a service raas
an info sheet with skulls and bones on it, including the words report that ransomware attacks
an info sheet with skulls and bones on it, including the words report that ransomware attacks
WannaCry Ransomware Attack Launched By North Korea, Says British Intelligence
WannaCry Ransomware Attack Launched By North Korea, Says British Intelligence
The Rise Of Ransomware Attack
The Rise Of Ransomware Attack
WannaCry Ransomware: Here's what you should know about it.
WannaCry Ransomware: Here's what you should know about it.
AnyTech365 IoT Security Solutions
AnyTech365 IoT Security Solutions
This ransomware lets crooks spot their victim on a map
This ransomware lets crooks spot their victim on a map

LockBit 2.0, an evolution of the original LockBit ransomware first discovered in 2019, has emerged as one of the most active and sophisticated ransomware strains in 2023. LockBit 2.0 operators have targeted numerous organizations, including manufacturing, healthcare, and finance sectors, demanding ransoms ranging from $40,000 to $2 million.

LockBit 2.0 is notable for its use of double extortion tactics, as well as its innovative affiliate program, which allows affiliates to customize the ransomware's behavior and even create their own ransom notes. The group has also been observed employing advanced techniques, such as using custom-built tools to evade detection and exfiltrate data from target environments.

BlackCat (ALPHV)

BlackCat, also known as ALPHV, is a relatively new ransomware group that emerged in late 2022. Despite its short history, BlackCat has quickly established itself as a significant threat, targeting organizations in various sectors, including finance, healthcare, and retail. BlackCat operators have been observed employing double extortion tactics and demanding ransoms ranging from $50,000 to $1 million.

BlackCat is notable for its use of the Rust programming language, which is less commonly used in ransomware development. This choice allows the group to create more portable and stealthy ransomware variants that are difficult to detect using traditional security measures. BlackCat operators have also been observed employing advanced techniques, such as using custom-built tools to evade detection and exfiltrate data from target environments.

As we continue to navigate the ever-changing threat landscape in 2023, it's crucial for organizations to stay informed about the latest ransomware trends and examples. By understanding the evolving tactics and techniques employed by ransomware operators, businesses can better protect their digital assets and develop more effective response strategies. As the final paragraph, it's essential to remember that the key to successful ransomware defense lies in a proactive, multi-layered approach that combines robust security measures, regular employee training, and comprehensive incident response plans. By staying vigilant and adaptable, organizations can effectively mitigate the risks posed by ransomware and other emerging cyber threats.