Worrying increase in ransomware attacks in 2023
The sectors most affected and the implications for cybersecurity
Corvus Insurance report shows that ransomware attacks increased by 95% in 2023 compared to the previous year. CL0P Group was responsible for much of the activity, but other industries such as law firms, government agencies and the oil sector saw significant increases. It is essential to implement adequate security controls to mitigate this threat.
Contribute to spreading the culture of prevention!
Support our cause with a small donation by helping us raise awareness among users and companies about cyber threats and defense solutions.
Corvus Insurance, the leading cyber insurance underwriter powered by a proprietary AI-powered cyber risk platform, has released its Q3 2023 Global Ransomware Report, which analyzes data from ransomware leak platforms to monitor trends in evolution. According to the report, ransomware attacks continue at a record pace, with global ransomware attack frequency in Q3 2023 increasing 11% compared to Q2 and 95% year-over-year (YoY).
Rise of the CL0P Group
The CL0P ransomware group played a leading role in this surge in ransomware activity in 2023. CL0P emerged in the first quarter leveraging the GoAnywhere file transfer software, affecting more than 130 victims. In the second quarter, CL0P struck again by independently using one of its zero-day exploits within the MOVEit file transfer software, affecting 264 victims at the time of this report. This single MOVEit vulnerability accounted for 9% of victims listed in Q2 and 13% of victims listed in Q3. Even without these spikes in attack activity from CL0P, ransomware numbers would still have increased 5% over the second quarter and 70% year-over-year in the third quarter.
Cutting summer break by threatening actors
Typically, ransomware follows seasonal patterns, with a decline in incidents in early May and a low level until early August. Largely driven by CL0P, this year's decline in attacks occurred later in June and, rather than continuing to decline, increased and remained high through the first half of August. Even without CL0P, ransomware activity would still have seen a 70% increase over the previous year.
Growth of key industries
The third quarter report also looks at the industries that saw the biggest spikes in ransomware activity. These include law firms – an increase due in part to the ALPHV ransomware group, which accounted for nearly a quarter of all victims in this sector (+70%). Government agencies were hit by LockBit, which tripled the number of government fatalities from the second to the third quarter (mostly cities and municipalities) (+95%). Other industries that saw spikes include manufacturing (+60%), oil and gas (+142%) and transportation, logistics and warehousing (+50%). "Ransomware actors can quickly change targets, and no industry is immune. There is no better time to ensure the proper security controls are in place to mitigate the threat," Rebholz said.Follow us on Google News for more pills like this