Ransomware attacks reached record levels in July 2023, driven by the Cl0p ransomware group’s exploitation of MOVEit software.
In a new report released by NCC Group’s Global Threat Intelligence team, analysts observed a record number of ransomware-related cyberattacks last month, with 502 major incidents tracked. According to the researchers, this represents a 154% increase year-on-year, compared to 198 attacks traced in July 2022.
July’s numbers represent a 16% rise from the previous month, with 434 ransomware incidents recorded in June 2023.
NCC Group says that this record number is due, in no small part, to the activities of Cl0p, a notorious group connected to the exploitation of MOVEit software.
Who is Cl0p?
Cl0p, also known as or associated with Lace Tempest, was responsible for 171 of 502 attacks in July, many of which are believed to be down to the exploitation of file transfer software MOVEit.
Cl0p has been around since 2019 and is known as a Ransomware-as-a-Service (RaaS) offering to cybercriminals. Also known as – or associated with – TA505, Cl0p has aggressively pursued high-value targets with the aim of extorting high ransomware payments, and operators will often steal information prior to encryption in what is known as a double-extortion tactic.
If victims refuse to pay up, they risk having their stolen data published online and being named on a public leak site.
The MOVEit exploit
Branded as a “slow-moving disaster,” the MOVEit exploit has impacted hundreds of organizations worldwide, with data belonging to millions of individuals stolen.
In May, Progress Software reported a zero-day vulnerability in the file transfer service, MOVEit Transfer and MOVEit Cloud, which could lead to escalated privileges and potential unauthorized access to customer environments. The problem is that MOVEit is utilized by government agencies and highly-regulated industries, both directly and via software supply chains.
Alleged victims include the US Department of Energy, Shell, the BBC, Ofcom, the National Student Clearinghouse, and numerous US universities.
Impacted industries
In total, industrial players accounted for 31% of ransomware attacks, or 155 recorded incidents.
Industry players include professional and commercial services, manufacturing, construction, and engineering. According to the researchers, professional and commercial services were the most targeted in July, with ransomware gangs Cl0p, LockBit 3.0, and 8Base responsible for 48% of all cyberattacks recorded.
While these sectors have suffered the highest number of ransomware attacks so far this year, consumer cyclicals have ranked second, with 79 attacks – or 16% of the whole in July. This category represents hotels and entertainment, media, retail, homebuilding, the automotive sector, and more.
When it comes to technology, ranking third with 72 cases – or 14% of monthly attacks – NCC Group says this industry “has experienced the highest increase in absolute numbers across the top three sectors this month [and] this is likely due to Cl0p’s activity.”
Cl0p was responsible for 39 cyberattacks against the sector, or 54%, and this includes assaults against organizations offering IT and software services, semiconductor suppliers, consumer electronics, and telecommunications services.