Ransomware attacks setting record pace

Ransomware incidents rose 95% year-on-year in Q3

Ransomware attacks setting record pace


By Ryan Smith

Ransomware attacks spiked in Q3 by 11% over the second quarter and 95% year over year, according to a new report from cyber underwriter Corvus Insurance.

Corvus Insurance’s Q3 2023 Global Ransomware Report, which analyses data from ransomware leak sites, found that ransomware attacks are continuing to set a record-breaking pace.

The report found a “significant resurgence” in ransomware attacks in the second quarter, with the trend continuing into Q3.

“Now, with two months remaining in the year, the number of ransomware victims in 2023 has already surpassed what was observed for 2021 and 2022,” Corvus said in a news release.

Should the trend continue, 2023 will be the first year in which more than 4,000 ransomware victims are posted on leak sites, the report found.

Corvus said there were two key factors driving the elevated ransomware attacks in the third quarter.

First, the CLOP ransomware group has played a major role in 2023’s skyrocketing ransomware activity. The group surfaced in the first quarter of the year by exploiting GoAnywhere file transfer software, impacting more than 130 victims. In a mass zero-day exploit during Q2, CLOP targeted a vulnerability in the MOVEit file transfer software, accounting for at least 264 victims. The MOVEit vulnerability accounted for 9% of victims listed in the second quarter and 13% of victims listed in Q3, according to Corvus. However, ransomware would still be up 5% over Q2 and up 70% year on year even without the CLOP attacks.

The other factor driving the surge was a late dip in attacks. Ransomware incidents typically decrease in May and remain low through early August. This year, however – driven largely by CLOP – the drop-off did not occur until June, and rather than continuing to drop, spiked and stayed high through the first half of August, according to the report.

“It’s clear that ransomware attacks are on a record-setting pace for 2023, and based on activity at the end of Q3 and early Q4, we fully expect these numbers to surpass anything we have witnessed in previous years,” said Jason Rebholz, chief information security officer at Corvus Insurance. “Aside from these overall numbers, this report demonstrates the impact that a single ransomware group like CLOP can have when they invest in new tactics, which is what we saw with the mass zero-day exploit that wreaked havoc over the second and third quarters.”

Industry trends

The report also discussed which industries saw the largest rises in ransomware activity. These industries included:

  • Law practices – up 70%, driven largely by the ALPHV ransomware group, which accounted for nearly a quarter of all victims in the sector
  • Government agencies – up 95%, driven by attacks from LockBit, which tripled its government victims from the second quarter to the third
  • Other industries that saw ransomware spikes included manufacturing (up 60%), oil and gas (up 142%), and transportation, logistics and storage (up 50%)

“Ransomware actors can quickly pivot their focus, and no industry is immune,” Rebholzz said. “There’s no better time to ensure the right security controls are in place to mitigate the threat.”

Corvus recently announced the expansion of its collaboration with Travelers, which acts as a capacity provider for Corvus products within the US.

Have something to say about this story? Let us know in the comments below.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!