Continued MOVEit Exploitation Drives Record Ransomware Attacks


Ransomware attacks hit record levels in July 2023, driven by the Clop gang’s continued exploitation of the MOVEit vulnerability, according to NCC Group’s Threat Intelligence team.

The researchers observed the largest volume of ransomware attacks in a single month in July, at 502. This represents a 154% year-on-year rise compared to July 2022, and a 16% increase on the previous month, June 2023.

The report found that the notorious Clop group was responsible for 171 of the 502 ransomware attacks in July (34%), as it continues to target global organizations via the MOVEit file transfer flaw.

A number of household names have been affected by the zero-day vulnerability, including the BBC, BA, Boots and the government of Nova Scotia, leading to millions of end users’ data being compromised.

The second most active threat actor in July was Lockbit 3.0, responsible for 50 (10%) of attacks.

Additionally, the researchers observed activity from new threat actors following the reinvention and rebranding of existing groups. This includes Noescape, believed to be a rebrand of Avaddon, which accounted for 16 attacks in July.

Read more…