According to NCC Group’s Global Threat Intelligence Team, ransomware attacks have seen a significant increase this year. In March 2023, ransomware attacks increased by over 90% compared to February and over 60% compared to March 2022. NCC Group stated that this is the highest number of ransomware attacks recorded in a single month. North America was the most targeted region, followed by Europe and Asia. The Industrial sector was hit the hardest, followed by Consumer Cyclicals and the Tech industry.
Cl0p Ransomware was responsible for almost 30% of all attacks in March, making it the most active Ransomware-as-a-Service group. Cl0p’s predecessor, known as CryptoMix, was notorious for targeting private companies, universities, and government institutions. Cl0p targeted larger organizations with advanced techniques and began using the double extortion method in 2020. LockBit 3.0 Ransomware and the Royal ransomware group followed Cl0p in the list of most active ransomware groups in March 2023.
NCC Group states that the sudden increase in attacks by Cl0p was due to vulnerability exploitation in Fortra GoAnywhere MFT. Organizations using GoAnywhere MFT are advised to take certain steps to prevent attacks: install the latest patch update, follow the steps in the GoAnywhere MFT security advisory (contacting support if additional help is needed), and monitor admin accounts for suspicious activity.
Matt Hull, NCC Group’s head of threat intelligence, warns that ransomware attacks are likely to continue to increase, and that Cl0p is expected to be a critical and widespread threat for the remainder of 2023 if the group continues to operate.
To protect against ransomware threats, organizations should patch as often as possible, block common points of entry, create offsite and offline backups, constantly monitor for suspicious activity, be well-versed in their own systems, explore endpoint security packages, and, in the case of an attack, isolate and remove malware, tools, and holes.