Ransomware attacks in July were mostly attacked by this one group and broke records

ransomware Attacks reached record levels in July 2023 due to the exploitation of MOVEit software by the Cl0p ransomware group.

in new report Analysts observed a record number of ransomware-related cyberattacks in the last month, tracking 502 severe incidents, according to the NCC Group’s Global Threat Intelligence Team. . According to the researchers, this represents a 154% year-over-year increase compared to 198 attacks tracked in July 2022.

Also: What is ransomware? Everything you need to know

July’s figures are up 16% from the previous month, with 434 ransomware incidents recorded in June 2023.

The NCC Group says this record number is due in no small part to the activities of the notorious group Cl0P, which is associated with the MOVEit software abuse.

Who is Cl0p?

Also known as or related to Cl0p lace tempestwas responsible for 171 of the 502 attacks in July, many of which are believed to be due to the exploitation of the file transfer software MOVEit.

Also: Ransomware is now a problem for everyone, not just technology

Cl0p has been around since 2019 and is known as a Ransomware-as-a-Service (RaaS) service to cybercriminals. Cl0p, also known as or related to TA505, is actively pursuing high-value targets in order to extort high ransomware payments, with operators using pre-encryption as a so-called double extortion tactic. often steal information.

If the victim refuses to pay, the stolen data risks being published online and listed on public leak sites.

MOVEit exploit

It is branded as “”.slow disaster”, the MOVEit exploit impacted hundreds of organizations around the world, and data belonging to millions of individuals was stolen.

May, Progress Software report File transfer services MOVEit Transfer and MOVEit Cloud contain a zero-day vulnerability that could lead to privilege escalation and unauthorized access to customer environments. The problem is that MOVEit is used by government agencies and highly regulated industries, either directly or through the software supply chain.

Also: I’m a security pro who nearly fell for an AI-generated cryptocurrency invoice scam

Victims allegedly include the US Department of Energy, Shell, BBC, Ofcom, National Student Clearinghouse, and numerous US universities.

Industries affected

In total, 31% of the 155 ransomware attacks or recorded incidents were caused by industrial players.

Industry players include professional and commercial services, manufacturing, construction and engineering. Professional and commercial services were the most targeted in July, with ransomware gangs Cl0p, LockBit 3.0 and 8Base accounting for 48% of all recorded cyberattacks, researchers said.

While these sectors have seen the most ransomware attacks so far this year, consumer circular advertising ranked second with 79 attacks, or 16% of the total in July. corresponds to This category represents the hotel, entertainment, media, retail, homebuilding, automotive sector, and more.

Also: Best VPN Service Right Now: Expert Tested & Reviewed

Technology ranked third with 72 attacks (representing 14% of monthly attacks), with NCC Group saying the industry “experienced the largest increase in absolute numbers across the top three sectors this month.” [and] This is probably due to Cl0p activity. “

Cl0p was responsible for 39 cyberattacks (54%) against this sector, including attacks against organizations providing IT and software services, semiconductor suppliers, consumer electronics and telecommunications services .

A new ransomware group emerges

After Cl0p, Lockbit 3.0 ranked as the second most active ransomware gang in July, causing 50 attacks representing 10%. While this represents a 17% month-over-month decrease, July was also a hub for new and rebranded threat actors to make their presence known.

For example, it is believed to be a rebrand of Noescape –. Avadonwas shut down in 2021 after sending thousands of decryption keys to the press. It accounted for 16 of the recorded attacks, joined by attacks such as 8Base, BianLian, BlackCat, Play, and Cactus.

Also: Industrial networks need better security as attacks grow

“Many organizations are still battling the effects of Cl0p’s MOVEit attack, which shows how widespread and long-lasting ransomware attacks are. No organization or individual is safe.” NCC Group commented. “This campaign is especially important given how Cl0p was able to extort hundreds of organizations by compromising a single environment. We also have to pay close attention to our organizational security protocols.” We work together as part of the supply chain. “