01Threat Actor Distribution
- LockBit 3.0 accounted for 62 victims, representing 19.4% of total activity.
- Play followed with 39 disclosures.
- Other and Noescape remained consistently active.
02Geographic Distribution
- USA represented 46.3% of all tracked victims.
- Other was among the next most impacted countries.
- UK and Italy also saw notable activity.
03Industry Distribution
- Manufacturing remained the most targeted sector.
- Professional Services followed as a heavily impacted sector.
- Healthcare and Education continued to be operationally critical targets.
04Threat Actor × Country Matrix
The matrix below shows how leading ransomware groups distributed their activity geographically.
Others
Ransomed.vc
INC Ransom
BianLian
Black Basta
Akira
Knight
Medusa
8Base
AlphaVM (BlackCat)
Noescape
Play
LockBit 3.0
USA
32
1
5
5
2
8
3
4
12
16
8
30
22
UK
7
3
2
1
2
1
3
5
7
Italy
4
2
5
3
1
2
1
Canada
2
1
2
2
1
1
5
Brazil
2
3
3
1
France
1
3
1
2
Australia
2
1
1
2
Spain
3
1
2
Belgium
1
1
3
Iran
5
Germany
1
1
1
1
India
1
1
1
1
Netherlands
1
3
Chile
1
1
1
Mexico
2
1
Puerto Rico
1
2
Other countries
8
2
1
3
2
3
1
2
4
6
3
15
- USA activity was heavily concentrated in Others.
- Some actors demonstrated narrow targeting patterns.
05Threat Actor × Industry Matrix
This view highlights sector specialization across leading ransomware groups.
Medusa
LockBit 3.0
BianLian
Play
Others
Black Basta
Noescape
Ransomed.vc
8Base
AlphaVM (BlackCat)
Akira
INC Ransom
Knight
Agriculture and Fishing
1
Utilities
1
Management of Companies
1
1
1
Accommodation
1
1
1
Arts and Entertainment
1
1
2
Mining
1
1
1
2
Finance and Insurance
1
1
1
1
1
Wholesale
2
3
1
1
Real Estate
1
1
1
3
1
1
1
Other Services
1
4
1
3
1
2
1
1
1
Public Administration
1
1
2
5
1
3
1
1
Transportation
5
2
3
1
1
1
4
Construction
6
4
2
2
3
2
Retail Trade
1
5
1
4
1
3
1
1
2
Remediation Services
1
1
5
2
1
1
3
2
2
1
Information
2
4
1
6
1
1
1
1
3
Education
3
11
3
1
2
1
1
Healthcare
3
3
6
3
1
3
2
1
Professional Services
2
10
2
6
6
3
6
6
7
3
2
Manufacturing
4
12
3
9
11
3
5
1
7
4
1
- Manufacturing activity was heavily concentrated in LockBit 3.0.
- Some actors demonstrated narrow targeting patterns.
06Six Month Trend Context
07Key Takeaways
- 320 ransomware disclosures were observed in October 2023.
- LockBit 3.0 led activity with 62 victims.
- USA accounted for 46.3% of disclosures.
- Manufacturing remained the most targeted industry.
08Data Methodology and Sources
- Victim counts are based on publicly disclosed ransomware leak site postings tracked during the reporting period.
- Each victim is attributed to a single threat actor based on disclosure source.
- Industry classification is assigned using standardized sector mapping.
- Country attribution is based on headquarters location where identifiable.