Ransomware attacks hit record levels in July, largely due to one group.

Ransomware Attacks Reach Record Levels: Cl0p Group Exploits MOVEit Software

Ransomware attacks reached a record high in July 2023, driven largely by the notorious Cl0p ransomware group's exploitation of a vulnerability in MOVEit software [^1^].

A report released by NCC Group’s Global Threat Intelligence team reveals that there were 502 major ransomware incidents recorded last month, a staggering 154% increase compared to the 198 attacks documented in July 2022 [^1^]. This surge represents a growing threat to organizations and individuals alike.

The Rise of Cl0p

The Cl0p group, also known as Lace Tempest, was responsible for 171 out of the 502 attacks in July, many of which exploited the file transfer software MOVEit [^1^]. Cl0p has been operating as a Ransomware-as-a-Service (RaaS) provider since 2019, catering to cybercriminals looking to extort high ransom payments [^1^]. Additionally, Cl0p employs a double-extortion tactic, stealing information before encrypting it to further pressure victims to pay [^1^].

Failure to comply with the ransom demands can lead to the public release of the stolen data on leak sites, causing significant reputational damage for the victims [^1^].

The MOVEit Software Exploit

MOVEit, a widely used file transfer service, has been at the core of these attacks, impacting numerous organizations worldwide and compromising data belonging to millions of individuals [^1^]. In May, Progress Software disclosed a zero-day vulnerability in MOVEit Transfer and MOVEit Cloud that could provide unauthorized access and escalated privileges to customer environments [^1^]. This exploit has particularly affected government agencies and highly regulated industries, both directly and through software supply chains [^1^].

Victims of the MOVEit exploit include notable organizations such as the US Department of Energy, Shell, the BBC, Ofcom, the National Student Clearinghouse, and several US universities [^1^]. The impact on these entities, along with numerous others, has been significant.

Industries Impacted

Among the industries hit by ransomware attacks, industrial players accounted for 31% of the recorded incidents, with professional and commercial services being the most targeted in July [^1^]. The main culprits behind the attacks were Cl0p, LockBit 3.0, and 8Base, responsible for 48% of all cyberattacks in this sector [^1^].

In addition to professional and commercial services, consumer cyclicals also faced a considerable number of attacks, making up 16% of the total incidents in July [^1^]. This category encompasses hotels, entertainment, media, retail, homebuilding, the automotive sector, and more [^1^].

The technology industry ranked third, with 14% of the monthly attacks attributed to it. NCC Group highlights Cl0p’s activity as the main driving force behind this increase [^1^]. The technology sector experienced 72 attacks, with Cl0p being responsible for 54% of them [^1^].

New Ransomware Threat Actors

While Cl0p remains a prominent threat, other ransomware groups also made their presence known in July. LockBit 3.0 emerged as the second most active ransomware gang, responsible for 10% of the attacks during the month [^1^]. The rebranding and emergence of new groups, such as NoEscape (a suspected rebrand of Avaddon), added to the overall threat landscape [^1^]. Other notable groups include 8Base, BianLian, BlackCat, Play, and Cactus [^1^].

The Far-Reaching Impact

Matt Hull, Global Head of Threat Intelligence at NCC Group, warns that the repercussions of Cl0p’s MOVEit attack highlight the long-lasting and extensive damage ransomware attacks can cause [^1^]. He advises organizations to remain vigilant in protecting their own environments while closely monitoring the security protocols of their supply chain partners [^1^].

Ransomware attacks continue to pose a significant threat to both businesses and individuals. As cybercriminals exploit vulnerabilities in popular software like MOVEit, organizations must prioritize cybersecurity measures to mitigate the risk and ensure the safety of their data.


Sources: [^1^]: ZDNet – Ransomware attacks reach record levels in July 2023