March 2023 was a devastating month for cybersecurity, as a historic high of 459 ransomware attacks was reported by analysts. This marked a sharp increase of 91% from the previous month and a staggering 62% compared to March 2022. The unprecedented surge in ransomware attacks was largely attributed to the exploitation of a critical vulnerability, CVE-2023-0669, found in Fortra’s GoAnywhere MFT secure file transfer tool by the Clop ransomware gang. This zero-day exploit resulted in the theft of data from 130 companies in just ten days.
NCC Group, which analyzed these attacks, reported that March 2023’s activity continued an upward trend observed since the beginning of the year, with the highest number of hack and data leak incidents recorded in the past three years. Among the most active ransomware gangs in March 2023, Clop performed 129 attacks, which propelled it to the top of NCC Group’s graph for the first time in its operational history. This activity displaced LockBit 3.0, which had 97 recorded attacks, to second place for the second time since September 2021.
Other ransomware groups, including Royal, BlackCat (ALPHV), BianLian, Play, Black Basta, Stormous, Medusa, and RansomHouse, also showed relatively significant activity during March 2023. However, it was Clop’s exploitation of CVE-2023-0669 that set it apart and established its dominance.
Industrial sector at the center of ransomware attacks
The “Industrials” sector was the most affected, accounting for 32% of the recorded attacks, including professional and commercial services, machinery, tools, construction, engineering, aerospace & defense, logistics, transport services, and more. The second most targeted sector was “Consumer Cyclicals,” which encompassed construction supplies, specialty retailers, hotels, automobiles, media & publishing, household goods, etc.
The three most active ransomware groups, Clop, LockBit, and Royal, primarily targeted companies within the “Industrials” sector, with Clop and LockBit also directing considerable efforts towards the “Technology” sector. Other sectors that received significant attention from ransomware gangs were “Healthcare,” “Basic Materials,” “Financials,” and “Educational Services”.
Protecting yourself against ransomware attacks
It is worth noting that ransomware attacks are not targeted but opportunistic. Nonetheless, these attacks highlight the importance of promptly applying security updates, implementing additional measures to mitigate potential zero-day exploits, and monitoring network traffic and logs for suspicious activity. Nearly half of all attacks (221) breached entities in North America, followed by 126 in Europe, and 59 in Asia. The record-breaking ransomware attack activity in March 2023 serves as a grim reminder of the ever-present threat of cyberattacks and the need for robust cybersecurity measures to safeguard against them.
To protect yourself from ransomware attacks, it is essential to take proactive measures such as regularly backing up your data, keeping your software and systems up to date, installing antivirus and antimalware software, being cautious when opening email attachments and clicking on links, using strong and unique passwords, using two-factor authentication, and educating yourself and your employees on the dangers of ransomware attacks.
It is also important to understand the role of antivirus software in your personal security. For more, see our article “What is an antivirus and how does it work.”