Ransomware attacks hit an all-time in March 2023

Emre Çitak
Apr 22, 2023
Updated • Apr 20, 2023

Last month witnessed a historic high in ransomware attacks, with 459 incidents reported by cybersecurity analysts, marking a sharp rise of 91% from the previous month and a staggering 62% compared to March 2022. This surge in ransomware attacks broke all records and was largely attributed to the exploitation of a critical vulnerability, CVE-2023-0669, found in Fortra's GoAnywhere MFT secure file transfer tool by the Clop ransomware gang as a zero-day exploit, which resulted in the theft of data from 130 companies in just ten days.

According to a report by NCC Group, which analyzed these attacks, March 2023's activity continued an upward trend observed since the beginning of the year, with the highest number of hack and data leak incidents recorded in the past three years. Among the most active ransomware gangs in March 2023, Clop performed 129 attacks, which propelled it to the top of NCC Group's graph for the first time in its operational history. This activity displaced LockBit 3.0, which had 97 recorded attacks, to second place for the second time since September 2021.

Ransomware attacks
There are 459 recorded ransomware attacks by cybersecurity analysts last month

Other ransomware groups, including Royal ransomware, BlackCat (ALPHV), Bianlian, Play, Blackbasta, Stormous, Medusa, and Ransomhouse, also showed relatively significant activity during March 2023. However, it was Clop's exploitation of CVE-2023-0669 that set it apart and established its dominance.

Industrial sector at the center of ransomware attacks

In terms of targeted sectors, "Industrials" were the most affected, accounting for 32% of the recorded attacks, which included professional and commercial services, machinery, tools, construction, engineering, aerospace & defense, logistics, transport services, and more. The second most targeted sector was "Consumer Cyclicals," which encompassed construction supplies, specialty retailers, hotels, automobiles, media & publishing, household goods, etc.

The three most active ransomware groups, Clop, LockBit, and Royal, primarily targeted companies within the "Industrials" sector, with Clop and LockBit also directing considerable efforts towards the "Technology" sector. Other sectors that received significant attention from ransomware gangs were "Healthcare," "Basic Materials," "Financials," and "Educational Services."

It is worth noting that ransomware attacks are not targeted but opportunistic. Nonetheless, these attacks highlight the importance of promptly applying security updates, implementing additional measures to mitigate potential zero-day exploits, and monitoring network traffic and logs for suspicious activity. Nearly half of all attacks (221) breached entities in North America, followed by 126 in Europe, and 59 in Asia. The record-breaking ransomware attack activity in March 2023 serves as a grim reminder of the ever-present threat of cyberattacks and the need for robust cybersecurity measures to safeguard against them.

How to protect yourself against ransomware attacks?

To protect yourself from ransomware attacks, it is essential to take proactive measures such as regularly backing up your data, keeping your software and systems up-to-date, installing antivirus and antimalware software, being cautious when opening email attachments and clicking on links, using strong and unique passwords, using two-factor authentication, and educating yourself and your employees on the dangers of ransomware attacks.


Tutorials & Tips

Previous Post: «
Next Post: «


There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.