The following table presents the top ransomware groups that emerged for the first time in 2023, ranked in order of volume of activity (from most active to least active): Top New Ransomware Groups That Emerged in 2023 (based on activity volume): Ransomware Group Active Since Description Hunters 10.2023 RaaS, rebrand of Hive ransomware, active from Jun. 2021 until seized by law enforcement in Jan. 2023. First observed Oct. 2023. Uses double extortion BlackSuit 05.2023 Rebrand of Royal ransomware (first seen Jan. 2022). A Dark Web extortion & data leak site are used for double extortion NoEscape 05.2023 RaaS, hosts a TOR-based blog to list victims & host exfiltrated data of victims that do not comply with demands Rhysida 05.2023 One of the top 10 active ransomware groups in 2023 (see table above) Akira 03.2023 One of the top 10 active ransomware groups in 2023 (see table above) Abyss 03.2023 Targets corporate networks, uses double extortion & threatens to publicly leak data on Dark Web extortion site. Most victims are in the US, from different industries (e.g. construction, manufacturing, healthcare, financial services, legal services, technology) Cactus 03.2023 Relies on known vulnerabilities and off-the-shelf software Knight 08.2023 Rebrand of Cyclops ransomware, operates as RaaS & hosts TOR-based blog to list victims’ names & exfiltrated data MalasLocker 03.2023 Claims to donate to a charity to provide decryption tool & prevent data leakage of victims, instead of demanding a typical ransom 05.2023 BlackSuit Rhysida NoEscape 08.2023 Knight 03.2023 Akira Cactus Abyss MalasLocker Hunters 10.2023 Year of GenAI 2 Threat Snapshot 3 Vulnerability Intelligence 4 Stolen Access Credentials 6 Tips 7 Ransomware 5 Key Findings 1