Jul 25, 2023 - Technology

MOVEit breaches fuel summer ransomware spree

Source: Corvus Insurance; Chart: Axios Visuals
Source: Corvus Insurance; Chart: Axios Visuals

The number of ransomware attacks more than doubled in June from the same month last year, fueled partly by a Russia-linked ransomware gang's exploitation of the MOVEit file-transfer tool, new data suggests.

By the numbers: In June, 456 companies were listed as victims across various dark web extortion sites run by ransomware gangs, according to recent research from cyber insurer Corvus.

  • That's a roughly 180% increase from last June.

Why it matters: The summer months usually bring a brief reprieve as hackers also take vacations, but this summer is on track to be different.

The big picture: 93% of organizations believe the threat of ransomware has grown in 2023, and 45% say they've been a ransomware victim already this year, according to data released Tuesday by security firm Cohesity.

  • This year's bump in ransomware attacks is likely due to the steep decline in attacks in 2022 following Russia's war in Ukraine, Jason Rebholz, CISO at Corvus, told Axios in an email.

The intrigue: Russia-linked ransomware gang Cl0p's campaign exploiting a security flaw in MOVEit inflated Corvus' numbers.

  • Nearly 20% of the alleged June victims were associated with the MOVEit breach, according to the Corvus report.
  • However, even without Cl0p's campaign, the month still saw a 128% year-over-year increase in the number of victims.

Yes, but: Listings on dark web sites aren't always accurate, and they don't always tell the full story.

  • Ransomware gangs post the victims they've targeted after the victims fail to pay a ransom within a certain period of time. If an organization does pay, it's not listed.
  • And ransomware gangs also tend to inflate or exaggerate their claims. Last month, hackers listed Taiwanese chipmaker TSMC on its dark web site when they actually hit one of the company's IT hardware suppliers.

Sign up for Axios’ cybersecurity newsletter Codebook here

Go deeper