Cl0p Campaign Drives Ransomware Attacks to Record Levels in July

Date: August 31, 2023

The Clop ransomware gang’s unprecedented campaign exploiting a known vulnerability in the MOVEit file sharing program drove attack levels to a new high in July, according to new research.

“Analysts observed a record number of ransomware-related cyberattacks last month, with 502 major incidents tracked. According to the researchers, this represents a 154% increase year-on-year, compared to 198 attacks traced in July 2022,” ZDNet reports.

“July's numbers represent a 16% rise from the previous month, with 434 ransomware incidents recorded in June 2023.”

Takeaway: The last time attack volumes hit record levels was just a few months ago in March, with a reported 459 successful attacks. That was up 91% over February’s volume and up 62% year-over-year.

Other reports indicate there have been more than 2,300 successful ransomware attacks in just the first half of 2023, according to the most recent data, with the vast majority carried out by only three ransomware operators: LockBit (35.3%), ALPHV/BlackCat (14.2%), and Cl0p (11.9%). Overall, ransomware attacks were up 74% in Q2-2023 over Q1 volumes.

The actual numbers are likely to be much higher than what is being reported, given that another recent study, a global survey of over 1,400 IT decision-makers at large organizations, found that over half (61%) of executives surveyed did not report a major ransomware attack.

But wait... the ransomware problem may still be bigger than that.  

In 2022, the FBI spent seven months monitoring the infamous Hive ransomware gang after infiltrating their operations. Based on their observations, the agency came to the shocking conclusion that only about 20% of attacks were being reported to law enforcement.  

That would mean the ransomware problem is not just twice as big as we think, but potentially several orders of magnitude bigger.  

By extrapolation, we could infer that there have actually been more than 10,000 successful ransomware attacks in the first half of 2023, but they are simply not being reported.

While federal authorities have been making efforts to help organizations get a handle on the ransomware onslaught, all of our efforts to stem the tide of ransomware attacks are hindered by not truly understanding the magnitude of this growing threat.

Security teams need hard numbers so they can quantify the risk accurately and make the needed recommendations for improvements to security programs, else they are going to have an even harder time getting proper funding.

Security is a tough space when it comes to budgets. When a security program is running well, the outcome is that nothing happens, or at best there is some data on the number of attempted attacks that were thwarted.

This makes it hard for security team leaders to justify new investments to address novel threats. And this is why we keep seeing organizations pledge to spend millions to shore up security and better protect consumer and customer data – but usually only after the organization has been victimized and sensitive data lost.

If the federal government wants to have an immediate impact in combatting ransomware attacks, giving organizations the data they need to adequately measure their potential risk will go further than most anything else they can offer at this time.

Ransomware is one of the biggest threats to any organization today, and we can’t effectively address the threat if we don’t understand it fully.
