Cybersecurity companies report surge in ransomware attacks

News By Daniel Michan Published on August 24, 2023

Several cybersecurity companies have recently published reports on ransomware, most indicating a significant rise in attacks.

Cybercriminal groups find attacks highly lucrative, as highlighted by the latest reports from various cybersecurity firms. These reports show an increase in both the frequency and the sophistication of these attacks.

SecurityWeek has meticulously examined these reports and summarized the essential findings and emerging trends.

According to NCC Group's cyber threat intelligence report for July 2023, there were over 500 attacks in the month alone. This represents a 153% surge compared to the same period last year, with an additional 16% increase compared to June. Notably, the industrial sector remains the target of these attacks. Furthermore, NCC Group noted an uptick of 59% in ransomware attacks across Europe from June to July.

The recent surge in incidents can largely be attributed to the activities of a group known as Cl0p, which targeted hundreds of organizations through their MOVEit hack. Shockingly, Emsisoft reported that this attack directly or indirectly impacted 730 organizations and over 47 million individuals as of August 19.

Interestingly, though, GuidePoint Security observed that, excluding victims affected by the Cl0p attack, there was a decrease in victims during July. On another note, GuidePoint Security identified an increase in groups during July, with a count of 36 compared to the previous month's tally of 28.

Besides Cl0p, there are other highly active groups to be aware of, including LockBit, BlackCat (ALPHV), and an emerging group called 8Base. 

In recent months, numerous companies have reported the emergence of new ransomware groups. Interestingly, some of these groups are actually rebranded versions of existing gangs. Among the newcomers are NoEscape, Cactus, Knight, BlackSuit, DarkRace, and Rhysida. For information on these groups, Malwarebytes has provided a summary.

According to data from BlackFog, July 2023 witnessed several attacks compared to the same month in the past four years. Notably, out of these attacks that came to light in July, only 38 were publicly disclosed by victims, while 390 attacks remained undisclosed.

ReliaQuest's Q2 2023 report reveals an increase in organizations named as victims on ransomware group leak websites. Compared to the quarter count of 850 organizations named as victims, there were now 1,400 organizations listed.

CyberMaxx's second-quarter report indicates that although most gangs experienced a minor increase in attacks during this period, notable growth was observed in groups such as ALPHV, 8Base, BianLian, Karakurt, Nokoyawa, Play, Qilin, and Snatch.

Regarding delivery attempts, SonicWall reported recording approximately a million attempts during the first half of 2023, representing a decrease of around 41%. According to SonicWall, one important aspect is the rise of extortion attacks that no longer involve the distribution of malware that encrypts files.

Sophos recently conducted a study focusing on attacks targeting educational institutions. The findings indicate an increase in such attacks over the past few years. While a large majority of organizations in this sector managed to recover their encrypted data, around half did so by agreeing to pay a ransom.

Barracuda reported that the number of reported attacks against sectors like education, municipalities, and healthcare has doubled since last year and increased more than fourfold since 2021.

Not only has there been an uptick in attack frequency, but there has also been an escalation in sophistication. According to Akamai's findings, ransomware groups increasingly prioritize actions like files and exploit zero-day and one-day vulnerabilities to gain initial access.

Once attackers have successfully infiltrated an organization's systems, they deploy what some refer to as "precursor malware," which paves the way for lateral movement and the actual ransomware payload. Lumu's report highlights Qbot, Phorpiex, Emotet, Cobalt Strike, Ursnif, and Dridex as the top ransomware precursors observed in 2022.

According to the analysis conducted by Comparitech, it is estimated that 500 manufacturing companies experienced significant financial losses from ransomware attacks between 2018 and 2023. The total amount lost solely in terms of downtime is estimated to be around $46.2 billion.