Dozens of Reports Signal Sharp Rise in Ransomware Attacks
SecurityWeek has analyzed reports from multiple cybersecurity companies and emphasized that ransomware attacks are increasing significantly in both sophistication and volume. The NCC Group’s July 2023 cyber threat intelligence report indicated a 153% increase in attacks compared to one year ago, with over 500 attacks occurring in the past month alone.
The Cl0p group has been identified as a major contributor to this surge, targeting hundreds of organizations through the MOVEit hack. Emsisoft revealed that as of August 24th, the MOVEit attack directly and indirectly impacted 988 organizations and over 59 million individuals. Interestingly, when excluding Cl0p’s MOVEit victims, Guidepoint Security observed a drop in the number of victims in July. However, they also noted that the number of active known ransomware groups increased from 28 in June to 36 in July.
BlackFog data indicated that July 2023 experienced the highest number of ransomware attacks compared to the same month over the past four years. Only 38 of the attacks that occurred this July were publicly disclosed — 390 remain undisclosed.
ReliaQuest’s Q2 2023 report documented a record number of victims named on ransomware group leak websites, with 1,400 organizations affected, up from 850 in the previous quarter.
SonicWall recorded 150 million ransomware delivery attempts in the first half of 2023, marking a 41% drop year-to-date. This decline is attributed to a shift towards pure extortion attacks, which bypass the need for file-encrypting malware.
The financial implications of these attacks are staggering. Comparitech estimates that nearly 500 manufacturing companies affected by ransomware between 2018 and 2023 lost $46.2 billion in downtime alone.
Akamai's findings show that ransomware groups are honing their skills, focusing on file exfiltration and exploiting zero-day and one-day vulnerabilities for initial access. Once inside an organization's systems, attackers deploy “precursor malware” to facilitate lateral movement and deliver the actual ransomware payload. Lumu identified Qbot, Phorpiex, Emotet, Cobalt Strike, Ursnif, and Dridex as the top ransomware precursors in 2022.
The education sector is also under siege, with Sophos reporting a steady increase in attacks over recent years. Barracuda noted that attacks against sectors like education, municipalities, and healthcare have doubled since last year and quadrupled since 2021.