
While Leaves Fall, Ransomware Rises: Attacks Are Up 5.1% in September

Threat actors are starting Fall off by increasing ransomware numbers. Here’s what you need to know.

Executive Summary

Corvus observed 410 new ransomware victims posted to leak sites in September 2023.

  • A 5.12% increase from the prior month.

  • This also represents a 79.82% increase YoY.

  • This is the ninth month in a row with a YoY increase in industry wide ransomware victims and the seventh month in a row with victim counts above 300.

Ransomware Analysis Detail 

Ransomware Attack Frequency Trends

Attacks picked up by 5.12% from August and remained high YoY (79.82% increase). September is the eighth month in a row with a YoY increase in ransomware victims, the sixth month in a row with victim counts above 300, and the fourth month this year with victim counts above 400.

We discovered a leak site in September belonging to a new ransomware group: LostTrustTeam. While the website featured 52 victims, we did not include these in September’s total numbers as we are uncertain when the attacks occurred. However, with their inclusion, September’s total would stand even higher at 462 victims.

[CHART] Ransomware Attack Frequency Month-over-Month Difference & Year-over-Year Difference Jan. - Sep. 2023

This year’s Summer slowdown was shorter and came later than expected. If you blinked, you probably missed it. After two record-breaking months in June and July, ransomware decreased slightly in the first half of August. September shows a notable return to activity for ransomware gangs; following seasonal patterns, that activity will likely continue to increase in Q4.

[LINE GRAPH] Ransomware Victims by Month Jan. 2021 - Dec. 2023

As we have reported for the past several months, the CL0P ransomware group utilized exploits to amass large numbers of victims, further inflating ransomware numbers for several months out of the year. Their campaign against MOVEit file transfer and storage software appears to have ended, with no activity in September. The graph below shows ransomware metrics with CL0P removed from the analysis. While mass exploits add considerably to the total number of ransomware victims, there is a clear trend of steady increases even without CL0P’s outsized contribution. Viewed in this new light, with victims from mass exploits excluded, September would actually be the most active month of 2023. The Q4 increase is also starker.

[LINE GRAPH] Ransomware Victims by Month - Without CL0P Jan. 2021 - Dec. 2023

New Ransomware Groups

Newly discovered leak sites this month include LostTrustTeam, ThreeAM, and CiphBit.

Group          | Date Discovered | Victim Count
LostTrustTeam  | 9/26/2023       | 52
ThreeAM        | 9/14/2023       | 10
CiphBit        | 9/12/2023       | 8

Corvus Threat Intel Team Notes

Corvus is closely monitoring three trends:

  1. Seasonal variation in ransomware shows a Q4 increase.
  2. The Summer decrease in 2023 was later and much less pronounced than usual, given CL0P’s use of a zero-day exploit against MOVEit.
  3. Attack frequency remains high YoY.

Corvus will continue to monitor the threat landscape to protect insureds and contribute to the collective defense of the community.
