Ransomware attacks in 2023 are up more than a substantial 95% compared to 2022, according to Corvus Insurance’s Q3 23 Global Ransomware Report.
Attacks continue to come in at a record setting pace, with Q3 23 global ransomware attack frequency up 11% over Q2.
In their Q2 23 report, the leading cyber underwriter highlighted a significant resurgence in global ransomware attacks, which has continued through the third quarter.
With just two months remaining in the year, the number of ransomware victims in 2023 has already surpassed what was observed for 2021 and 2022.
If things continue heading in this direction, 2023 will mark the first year to have more than 4,000 ransomware victims posted on leak sites. Last year 2,670 were recorded.
According to Corvus, there are two key factors that are said to be driving this frequency in ransomware attacks.
Firstly, the CL0P ransomware group has played a major role in this spike in 2023 ransomware activity. The group began causing issues in Q1 by exploiting GoAnywhere file transfer software, which impacted more than 130 victims.
Moving forward, in Q2, the group struck again with the solo use of a mass zero-day exploit by a ransomware group targeting a vulnerability in the MOVEit file transfer software, which impacted 264 victims at the time of this latest report.
The single MOVEit vulnerability accounted for 9% of victims listed in Q2 and 13% of victims listed in Q3.
Secondly, it is important to remember, that ransomware typically follows in seasonal patterns, with incidents decreasing in early May and remaining low through early August.
Driven largely by CL0P, this year’s dip in attacks occurred later in June and, rather than continuing to fall, they spiked and continued to remain at a high level through the first half of August.
Corvus explained, that even without CL0P, ransomware activity would still amount to a 70% year-over-year increase.
Jason Rebholz, CISO, Corvus Insurance, said: “It’s clear that ransomware attacks are on a record-setting pace for 2023, and based on activity at the end of Q3 and early Q4, we fully expect these numbers to surpass anything we have witnessed in previous years.
“Aside from these overall numbers, this report demonstrates the impact that a single ransomware group like CL0P can have when they invest in new tactics, which is what we saw with the mass zero-day exploit that wreaked havoc over the second and third quarters.”
Moreover, the industries that experienced the largest spike in ransomware activity in Q3 included, law practices, which saw an uptick due in part to the ALPHV ransomware group, which accounted for nearly a quarter of all victims in this industry (+70%).
Government agencies also witnessed a surge of attacks, with the impetus behind these attacks being LockBit, which tripled its government victims from Q2 to Q3 (mostly cities and municipalities) (+95%).
Additional industries that also witnessed a surge of attacks include Manufacturing (+60%), Oil and Gas (+142%), and Transportation, Logistics and Storage (+50%).
“Ransomware actors can quickly pivot their focus, and no industry is immune. There’s no better time to ensure the right security controls are in place to mitigate the threat,” added Rebholz.
