<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=1354242&amp;fmt=gif">

Record Ransomware Attacks: June 2023 Highest Month Ever

Threat actors broke another record. Here’s what you need to know.

Executive Summary

  • Corvus observed 456 new ransomware victims on leak sites in June 2023, 38% higher than May 2023.

  • Attacks were well above the normal levels observed in June with a 179% increase YoY.

  • Another CL0P campaign inflated the numbers with 91 victims associated with the MOVEit vulnerability. Even without the CL0P attacks, June saw increased activity by 13% MoM.

Analysis Detail

Ransomware Attack Frequency Trends

Ransomware broke another record for the second time in the last few weeks with June having the highest number of listed companies on leak sites ever recorded. Attack frequency remains high, with a 38% increase from last month and a 179% increase from this time last year. 

After breaking a prior record in March of 2023, ransomware victims decreased MoM but stayed inflated YoY. Bucking the typical trend which sees a decrease in ransomware in the Summer months, June bounced back to break March’s prior record with 452 new ransomware victims listed on leak sites.

This is the fifth month in a row with a YoY increase in ransomware victims and the fourth month in a row with victim counts above 300.

[GRAPH DIAGRAM] Total Posted Victims Difference 2022 vs 2023

[LINE GRAPH] Ransomware Victims by Month - June 2021 vs June 2022 vs June 2023

Much of June’s spike is due once again to the CL0P ransomware group, which repeated a page from its playbook to exploit another software vulnerability en masse that included over 90 victims. This is what also led to such a spike in March 2023 as well when the same group exploited and listed over 100 victims in a single month. In June, CL0P alone accounted for 19.61% of the total listed victims for the month, out of 29 active ransomware groups. 

Without CL0P’s campaign, the total for the month would still stand at 373, a 13% increase over the prior month and a 128% increase YoY.

[BAR GRAPH] CL0P Leak Site Victims - December 2020 - June 2023

New Ransomware Groups

Newly discovered leak sites this month include Blacksuit, NoEscape, and Rhysida.

Corvus Threat Intel Team Notes

The number of ransomware victims on the dark web listed in June 2023 continues the alarming increase trend. This marks the fourth month in a row with more than 300 victims listed on leak sites, showing ransomware at a scale never seen before. A decrease is usually observed during the Summer months but large-scale campaigns such as those carried out by CL0P has prevented that. But even without CL0P, numbers remain much higher than normal.

Corvus will continue to monitor the threat landscape to protect insureds and contribute to the collective defense of the community.

This report is intended for general guidance and informational purposes only. This report is under no circumstances intended to be used or considered as specific insurance or information security advice. This report is not to be considered an objective or independent explanation of the matters contained herein.

Recent Articles

Q3 Cyber Threat Report: The Ransomware Ecosystem is Increasingly Distributed


Ransomware attacks remained high in Q3 2024, with groups targeting sectors like Construction and Healthcare, often exploiting weak VPN credentials.

Q2 Cyber Threat Report: Ransomware Season Arrives Early


In this report, our threat intel team highlights our critical cyber threat and ransomware findings from Q2 2024 and what it means for the threat landscape.

Global IT Meltdown: CrowdStrike Software Update Causes Broad Outages


On July 19, 2024, the world woke up to a massive IT outage caused by cybersecurity firm CrowdStrike that affected numerous industries across the globe.