CIO Influence
CIO Influence News Data Management Security

Ransomware Attacks up 221% Year-On-Year, With 434 Attacks in June 2023

Ransomware Attacks up 221% Year-On-Year, With 434 Attacks in June 2023
Threat actor Clop claims 90 victims in June, following exploitation of MOVEit vulnerability

Ransomware attacks continue to hit record levels with 434 attacks in June 2023, a 221% increase on the same period last year (135 attacks – June 2022), according to the latest analysis from NCC Group’s Global Threat Intelligence team.

June’s high levels of activity has been driven by Clop’s exploitation of the MOVEit file transfer software vulnerability, consistently high levels of activity by groups such as LockBit 3.0, and emergence of several new groups since May.

Threat actors

Russian-speaking threat actor Clop was responsible for 90 of the 434 attacks (21%) in June, following its exploitation of an SQL injection vulnerability in MOVEit file transfer software, CVE-2023-34362, allowing the group to use this flaw to escalate privilege and steal sensitive data. It follows a quiet period for Clop in May, when it was responsible for just 2 attacks.

LockBit 3.0, the most active threat actor of 2023 so far, was responsible for 62 of the attacks, a fall of 21% from 78 attacks in May. 8base, a new threat actor discovered in May, stepped up activity with 40 attacks (9%) in June – making it the third most active threat group in June.

Other notable activity included 17 attacks from Rhysida and 9 attacks from Darkrace, two ransomware-as-a-service (RaaS) groups that were first observed in May 2023.


North America was the most targeted region, accounting for more than half of the attacks in June with 222 victims (51%) – the exact same total as May. Europe (27%) and Asia (9%) followed with 116 and 40 victims respectively.

Read More: The Rise of OT Cybersecurity Threats


Industrials was the most targeted sector in June, representing 143 of the total attacks (33%), followed by Consumer Cyclicals (12%) with 52 attacks, and Technology (11%) with 48 attacks.

Spotlight: Clop and the MOVEit vulnerability

In June, threat actor Clop’s exploitation of a vulnerability in Progress Software’s MOVEit file transfer app, which is used by thousands of organizations around the world, made international headlines. A number of organizations whose supply chains use the MOVEit app suffered a data breach as a result, with customer and/or employee data being stolen.

This vulnerability has been abused to compromise MOVEit MFT servers and exfiltrate data and is currently tracked as CVE-2023-34362. Targets included big name brands, with attacks against well-known publishers, accounting firms, consultancies, large energy companies and colleges, amongst others.

Over the last two years, Clop has abused four vulnerabilities in appliances that would either lead to the deployment of Clop ransomware or exfiltration of the victim organization’s data.

Matt Hull, global head of Threat Intelligence at NCC Group, said: “The considerable spike in ransomware activity so far this year is a clear indicator of the evolving nature of the threat landscape. The better known players, such as Lockbit 3.0, are showing no signs of letting up, newer groups like 8base and Rhysida are demonstrating what they’re capable of, and Clop have exploited a major vulnerability for the second time in just three months.”

“It’s imperative that organizations remain vigilant and adapt their security measures to stay one step ahead. We strongly advise any organization using MOVEit File transfer software to apply the recent patch, given this vulnerability is being actively exploited.”

Related posts

Guardicore Centra Mitigates Ransomware with Software-Based Segmentation

Redefining AI Software Testing: MuukTest Unveils TestXplainer


SoundHound Inc. Extends Partnership with Snap to Provide Auto Captioning

CIO Influence News Desk