September was a record month for ransomware attacks in 2023


Ransomware activity in September reached unprecedented levels following a relative lull in August that was still way above regular standards for summer months.

According to NCC Group data, ransomware groups launched 514 attacks in September. This surpasses March 2023 activity, which counted 459 attacks, and was heavily skewed by Clop’s MOVEit Transfer data theft attacks.

Clop had virtually no activity in September, which may be a sign the sophisticated ransomware gang is preparing for its next big attack. 

However, the record was achieved by other threat groups, led by LockBit 3.0 (79 attacks), LostTrust (53), and BlackCat (47).

LostTrust is a new threat actor in the list, making a dynamic entrance straight to second place.

Believed to be a rebrand of MetaEncryptor due to significant code overlaps, LostTrust has already encrypted the networks of many organizations, some of whom experienced data leaks, too.

RansomedVC, a newcomer in extortion attacks employing GDPR reporting threats, is in NCC’s fourth place with 44 attacks. However, it should be noted that some of the attacks claimed by Ransomed were later found to be exaggerated.

This means that roughly one out of five attacks in September came from a new ransomware operation, highlighting their aggressiveness and capability for scale.

Recorded ransomware attacks
Recorded ransomware attacks (NCC Group)

In terms of targeted regions, North America took the lion’s share with 50%, Europe followed with 30%, and Asia was third with 9%.

The most targeted sectors were ‘industrials’ (construction, engineering, commercial services) with 169 attacks, ‘consumer cyclicals’ (retail, media, hotels) with 94, technology (software and IT services, networking, telecommunications) with 52, and healthcare with 38.

Most targeted sectors in September 2023
Most targeted sectors in September 2023 (NCC Group)

2023 on a record trajectory

NCC’s report highlights that from January 2023 until September 2023, it has recorded nearly 3,500 attacks, and it’s now likely that the final figure will be close to 4,000 by the end of the year.

Another report by Chainalysis from earlier this year predicted 2023 to be a record-breaking year for ransomware payments based on projected data.

Despite the continuous efforts by law enforcement to curb the problem, which has matured, ransomware remains a shape-shifting threat that bombards organizations with ever-improving initial access methods and increasingly covert tactics and payloads.



Source link