The only thing hotter than the temperatures outside this summer? Ransomware. Here’s what you need to know.
July is the sixth month in a row with a YoY increase in ransomware victims and the fifth month in a row with victim counts above 300.
For the third time this year, we’ve seen a record-breaking number of listed companies on leak sites — with 478 new victims in July alone. Attack frequency remained high, with a 4.8% increase from last month, and 81% increase from this time last year.
Activity seemed to spike in March 2023 when prior records were broken, but this was followed by new all-time highs in June. While April and May showed decreased MoM numbers, YoY has stayed inflated well above 2022 levels. With July’s new high of 478, we are well above the typical decreased activity observed in summer.
July’s high numbers are mostly due to the CL0P ransomware group, which exploited a software vulnerability in MOVEit Managed File Transfer software in June and continues to add victims to their leak site. The group posted over 170 victims in July, which accounted for 35.56% of the industry-wide total of all monthly ransomware victims.
Without CL0P, July’s ransomware count would have stood at 308 victims on leak sites. This would have represented a 17% decline from June (excluding CL0P from June’s total as well) which would more closely match the pattern of decreased ransomware activity seen in the Summer months. However, numbers are still high YoY being 18% above July 2022 and 62% higher than July 2021.
Group |
Date Discovered |
Victim Count |
Cactus |
July 18, 2023 | 18 |
Cyclops |
July 14, 2023 | 3 |
Corvus will continue to monitor the threat landscape to protect insureds and contribute to the collective defense of the community.