Ransomware activity from CL0P, a newer entrant to the list of top ransomware groups, increased by 65%, according to Nuspire's Q2 2023 Cyber Threat Report. J.R. Cunningham, chief security officer at Nuspire says that many organizations greatly increase their risk of exposure to ransomware and lack sufficient patch and vulnerability management operations.
“Ransomware groups like LockBit and CL0P have driven a significant rise in attacks over the last several months because of their relentless exploitation of zero-day and known vulnerabilities. MOVEit Transfer is a recent example of the scale and scope these attacks can take; however, our data shows that older vulnerabilities like Apache Software continue to be ripe for exploitation," says Cunningham.
Other notable findings from the 2nd quarter report include the following:
- Total ransomware extortion publications increased by nearly 18%.
- Extortions in the financial industry through ransomware increased 43%
- Apache vulnerabilities comprise 25% of exploits*. Apache Software can be found in approximately 31% of all global websites, making this finding particularly concerning.
- Botnets grew approximately 16% in Q2, with Torpig Mebroot, a trojan renowned for its data-theft capabilities maintaining its position as the top botnet detected.
"The latest IDC research on ransomware showed the incidents rates have grown considerably since the July 2021 sample. Only 22% of organizations (in the March 2023 sample) attacked by ransomware were able to recover data/files without paying a ransom," said Cathy Huang, research director for security services at IDC.