March 2023 was a record-breaking month for ransomware attacks.
New figures from NCC Group claim there were 459 ransomware attacks recorded in March 2023 – up 91% compared to February, and up 62% compared to the same month in the previous year, according to an article by TechRadar.
Records were broken mostly because an alleged Russian threat actor called Clop discovered a zero-day in a secure file transfer tool from Fortra, which was in use by some major corporate names.
By abusing the zero-day, now tracked as CVE-2023-0669, the hackers managed to steal data and deploy ransomware against dozens of organisations.
A zero-day threat or attack targets an unknown vulnerability in your computer or mobile device’s software or hardware. The term is derived from the age of the exploit, which takes place before or on the first (or “zeroth”) day of a security vendor’s awareness of the exploit or bug (McAfee).
After leaking data from its first victim, Clop said 130 organisations were compromised. Researchers say this makes Clop “the most active ransomware gang” for the first time in its operational history.
LockBit 3.0 was said to have conducted 97 attacks in the same timeframe. Other attacks in March came from names including Royal ransomware, BlackCat (AKA ALPHV), BianLian, Play, Black Basta, Stormous, Medusa, and RansomHouse.
The most targeted business sectors included construction, engineering, transport services, commercial and professional services.