


Cybersecurity Companies Report Surge in Ransomware Attacks

Cybersecurity companies have released a dozen ransomware reports in recent weeks and most of them show a surge in attacks.



Ransomware attacks continue to be highly profitable for cybercrime groups and the recent reports released by various cybersecurity firms show that they are increasing both in terms of volume and sophistication. 

SecurityWeek has analyzed these reports and has created a summary of the most important findings and trends. 

According to NCC Group’s July 2023 cyber threat intelligence report, the company saw over 500 attacks last month, an increase of 153% compared to one year ago, and a 16% increase compared to June, with the industrials sector continuing to be the most targeted. The company saw a 59% increase in ransomware attacks in Europe from June to July.

The surge recorded in recent months is in large part due to the Cl0p group, which targeted hundreds of organizations through the MOVEit hack. According to Emsisoft, 730 organizations and over 47 million people were hit directly and indirectly by the MOVEit attack as of August 19.

However, Guidepoint Security noted that the number of victims actually dropped in July if we exclude Cl0p’s MOVEit victims. On the other hand, the company saw 36 active groups in July, compared to 28 in the previous month. 

In addition to Cl0p, the list of highly active groups includes LockBit, BlackCat (ALPHV) and an emerging group named 8Base.


Several companies have reported seeing new ransomware groups emerge in recent months, some of which are actually the result of the rebranding of existing gangs. Newcomers include NoEscape, Cactus, Knight, BlackSuit, DarkRace, and Rhysida. Malwarebytes has a summary on some of these groups.  

BlackFog data showed that July 2023 saw the highest number of attacks compared to the same month over the past four years. Interestingly, the company noted, only 38 of the ransomware attacks that came to light in July were publicly disclosed, compared to 390 attacks that were not disclosed by victims.

ReliaQuest’s Q2 2023 report shows a record number of victims named on ransomware group leak websites — 1,400 organizations, up from 850 in the previous quarter. 

CyberMaxx also has a report for the second quarter, revealing that while most gangs saw only a minor increase in attacks, groups such as ALPHV, 8Base, BianLian, Karakurt, Nokoyawa, Play, Qilin, and Snatch showed significant growth. 

In terms of ransomware delivery attempts, SonicWall said it recorded 150 million attempts in the first half of 2023, which represents a 41% drop year-to-date. One key factor, according to SonicWall, is the shift to pure extortion attacks, which do not involve the distribution of file-encrypting malware. 

Sophos recently published a report focusing on ransomware attacks on the education sector. The report reveals that attacks against this sector have been steadily increasing in recent years. A vast majority of organizations in this sector managed to recover encrypted data, but roughly half did so by agreeing to pay a ransom.

Barracuda said the number of reported ransomware attacks against sectors such as education, municipalities and healthcare has doubled since last year and more than quadrupled since 2021.

In addition to an increase in attack volume, there has been an increase in sophistication. Akamai reported that ransomware groups are increasingly focusing on file exfiltration and the exploitation of zero-day and one-day vulnerabilities for initial access.

Once they have gained initial access to an organization’s systems, attackers are deploying what some call ‘precursor malware’, which paves the way for lateral movement and the actual ransomware payload. According to a report from Lumu, the top ransomware precursors in 2022 were Qbot, Phorpiex, Emotet, Cobalt Strike, Ursnif, and Dridex.

In terms of costs associated with ransomware attacks, Comparitech estimates that, between 2018 and 2023, nearly 500 manufacturing companies that got hit by ransomware lost an estimated $46.2 billion in downtime alone.

Related: Ransomware Attacks on Industrial Organizations Doubled in Past Year: Report

Related: MOVEit Hack Could Earn Cybercriminals $100M as Number of Confirmed Victims Grows

Related: Dozens of Organizations Targeted by Akira Ransomware

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
