Thanks to the Clop ransomware (opens in new tab) group and its exploit of a flaw in Fortra’s GoAnywhere MFT secure file transfer tool, March 2023 was a record-breaking month for ransomware attacks.
New figures from NCC Group claim there had been 459 ransomware attacks recorded in March 2023 – up 91% compared to February, and up 62% compared to the same month in the previous year.
Records were broken mostly because Clop, allegedly a Russian threat actor, discovered a zero-day in GoAnywhere MFT, a secure file transfer tool from Fortra, which was in use by some major corporate names. By abusing the zero-day, now tracked as CVE-2023-0669, the hackers managed to steal data and deploy ransomware on dozens of organizations.
Dethroning LockBit 3.0
After leaking data from its first victim, Clop said 130 organizations were compromised, which isn’t wide of the mark given NCC Group’s assessment of 129 recorded attacks. The researchers said this makes clop “the most active ransomware gang” for the first time in its operational history.
Clop even managed to dethrone the infamous LockBit 3.0, which conducted 97 attacks in the same timeframe. Other notable mentions for March 2023 include Royal ransomware, BlackCat (AKA ALPHV), Bianlian, Play, Blackbatsa, Stormous, Medusa, and Ransomhouse.
“Industrials” – construction, engineering, transport services, commercial and professional services, and more – were the most popular targets, with 147 (32%) ransomware attacks. “Consumer Cyclicals” – construction suppliers, hotels, media, and more – were second-placed, NCC Group said. Other notable mentions include technology, healthcare, financials, and educational services.
NCC Group also mentions that ransomware operators don’t really care who they’re attacking. Every incident is opportunistic, rather than targeted, despite the fact that some industries suffered more than others. Almost half of all attacks (221) happened in North America, with Europe following in second-place with 126 incidents. Asia rounds off the top three with 59 attacks.
Via: BleepingComputer (opens in new tab)