There were more ransomware attacks last month than any other on record

News
By Sead Fadilpašić
published

Clop has certainly left its mark on the ransomware world

Conceptual art of a computer system being hacked.
(Image credit: Getty Images)

Thanks to the Clop ransomware group and its exploit of a flaw in Fortra’s GoAnywhere MFT secure file transfer tool, March 2023 was a record-breaking month for ransomware attacks.

New figures from NCC Group claim there had been 459 ransomware attacks recorded in March 2023 - up 91% compared to February, and up 62% compared to the same month in the previous year. 

Records were broken mostly because Clop, allegedly a Russian threat actor, discovered a zero-day in GoAnywhere MFT, a secure file transfer tool from Fortra, which was in use by some major corporate names. By abusing the zero-day, now tracked as CVE-2023-0669, the hackers managed to steal data and deploy ransomware on dozens of organizations. 

Dethroning LockBit 3.0

After leaking data from its first victim, Clop said 130 organizations were compromised, which isn’t wide of the mark given NCC Group’s assessment of 129 recorded attacks. The researchers said this makes clop “the most active ransomware gang” for the first time in its operational history.

Clop even managed to dethrone the infamous LockBit 3.0, which conducted 97 attacks in the same timeframe. Other notable mentions for March 2023 include Royal ransomware, BlackCat (AKA ALPHV), Bianlian, Play, Blackbatsa, Stormous, Medusa, and Ransomhouse. 

Read more

 > Hitachi Energy confirms data breach after being hit by Clop ransomware

> Hatch Bank says 140,000 customers had data stolen after breach

> Here's our rundown of the best endpoint protection

“Industrials” - construction, engineering, transport services, commercial and professional services, and more - were the most popular targets, with 147 (32%) ransomware attacks. “Consumer Cyclicals” - construction suppliers, hotels, media, and more - were second-placed, NCC Group said. Other notable mentions include technology, healthcare, financials, and educational services.

NCC Group also mentions that ransomware operators don’t really care who they’re attacking. Every incident is opportunistic, rather than targeted, despite the fact that some industries suffered more than others. Almost half of all attacks (221) happened in North America, with Europe following in second-place with 126 incidents. Asia rounds off the top three with 59 attacks.

Via: BleepingComputer

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.