According to NCC Group’s Global Threat Intelligence Team, ransomware attacks have seen a significant increase this year. In March 2023, ransomware attacks increased by over 90% compared to February and over 60% compared to March 2022. NCC Group stated that this is the highest number of ransomware attacks recorded in a single month. North America was the most targeted region, followed by Europe and Asia. The Industrial industry was hit the hardest, followed by Consumer Cyclicals and the Tech industry.

Cl0p Ransomware was responsible for almost 30% of all attacks in March, making it the most active Ransomware-as-a-Service group. Cl0p’s predecessor, known as CryptoMix, was notorious for targeting private companies, universities, and government institutions. Cl0p targeted larger organizations with advanced techniques and began using the double extortion method in 2020. LockBit 3.0 Ransomware and the Royal ransomware group followed Cl0p in the list of most active ransomware groups in March 2023.

NCC Group states that the sudden increase in attacks by Cl0p was due to vulnerability exploitations in Fortra GoAnywhere MFT. It is advised that organizations using GoAnywhere MFT should follow certain steps to prevent attacks, including installing the latest patch update, following steps in the GoAnywhere MFT security advisory (and contacting support if you need additional help), and monitoring for suspicious activity on admin accounts.

Matt Hull, NCC Group’s head of threat intelligence, warns that ransomware attacks are likely to continue to increase, and Cl0p is expected to be a critical and widespread threat for the remainder of 2023 if they continue to operate.

To protect against ransomware threats, organizations should be patching as often as possible, blocking common points of entry, creating offsite and offline backups, constantly monitoring for suspicious activity, being well-versed in your organization’s systems, exploring endpoint security packages, and isolating and removing malware, tools, and holes in the case of an attack.

Click HERE to more about our Ransomware Recovery Services! We are available 24×7, 365 days a year, to assist you with any of your ransomware needs.

Latest Ransomware Related Blogs

Ransomware impact on customer trust. lose-up of hands on a laptop keyboard with glowing code and digital particles floating around, giving a high-tech, programming or hacking impression.
Cloud ransomware vulnerability assessment. A hand holds a smartphone above an open laptop. On the laptop screen is a vivid red warning symbol with an exclamation mark inside a triangle, along with icons for email and settings. White arrows labeled "IN" and "OUT" point between the phone and laptop, suggesting a file upload or data transfer in progress. The scene conveys a cyberattack, security breach, or phishing warning.
Ransomware risk management framework. A professional wearing a blue shirt is interacting with a virtual, transparent interface emerging from their laptop. They use a stylus pen, suggesting precise control. Floating around their hands are various icons symbolizing technology, including cloud services, data analytics, global connectivity, finance or banking, and artificial intelligence. The image conveys the themes of digital transformation, data analysis, and secure management through technology.
Ransomware preparedness audits. A person dressed professionally is sitting at a laptop, typing on the keyboard. Around the laptop, there are virtual icons floating in the air, labeled with things such as problem-solving (a lightbulb icon), decision-making (gear icons with check and cross marks), and risk assessment (represented by a notepad icon). This image highlights a person engaged in analytical or cybersecurity-related work, emphasizing thoughtful decision-making.
Ransomware Rescue
Contact Alvaka