Ransomware activity sees 95% year-on-year spike
This year is on course to see more than 4,000 ransomware victims' stolen data posted on leak sites.
Ransomware activity during the third quarter of 2023 was up 95% compared with the year prior and 11% compared with the previous quarter, according to Corvus Insurance’s latest Global Ransomware report.
The cyber insurer adds that this year has already seen 3,311 total leak site victims. In comparison, there were 2,670 total victims during all of 2022 and 3,048 for all of 2021. On top of this, Corvus noted that between 27%-41% of ransomware victims quickly give in to demands and are never counted among leak site victims.
Ransomware leak sites are pages on the “dark web” that hackers use to list uncooperative ransomware victims and post stolen data. Corvus collects data from these sites for its quarterly cyber reports.
“It’s clear that ransomware attacks are on a record-setting pace for 2023, and based on activity at the end of Q3 and early Q4, we fully expect these numbers to surpass anything we have witnessed in previous years,” Jason Rebholz, chief information security officer at Corvus Insurance, said in a release.
During the third quarter, law practices became the most frequently targeted industry and saw a 70% increase in attacks. Transportation, logistics and storage; hospitality; retail; and telecommunication firms also saw ransomware activity increase more than 20% during the quarter.
What’s behind the spike?
Corvus reported that two major factors led to the sharp rise in ransomware: The CL0P gang’s massive exploitations of zero-day vulnerabilities, and hackers taking a truncated summer vacation.
CL0P exploited vulnerabilities in file transfer software from GoAnywhere and MOVEit, two attacks that had wide impacts. Corvus reported the MOVEit breach accounted for 9% of victims in the second quarter and 13% of all victims in Q3.
This shows what a massive effect one ransomware gang can have when it invests in new tactics, according to Rebholz.
However, even if CL0P’s exploits were removed from the data, Corvus reported ransomware incidents would still have been up 5% quarter on quarter and 70% year on year.
While these crimes are digital, the criminals are still human and take time off to unwind, Corvus noted. As such, there is typically a drop in ransomware activity starting in May and running through August. However, this year didn’t see a summer reprieve until August and the vacation period was over by September.
Corvus reported that based on prior years’ data, the final quarter of 2023 is likely to see even more ransomware activity.
Related: