top of page

Alarming Surge in Ransomware Victims: Insights from September 2023

In a concerning development, cybersecurity firm Corvus has reported a substantial increase in ransomware victims during September 2023. A total of 410 new victims were identified on leak sites during the month, signifying a 5.12% rise compared to August. This unsettling trend marks the ninth consecutive month with a year-over-year (YoY) increase in ransomware victims, with a staggering 79.82% uptick compared to the same period in the previous year.

Digging deeper into the data reveals that ransomware attacks have not only increased in frequency but have also maintained a consistently high YoY growth rate. September marks the eighth consecutive month with YoY growth, the sixth month with victim counts surpassing 300, and the fourth month in 2023 with victim counts surpassing 400.

Adding to the distressing statistics, a new ransomware group called LostTrustTeam emerged in September, operating a leak site that featured 52 victims. Although these attacks were not included in the monthly count due to uncertainty regarding the attack dates, their inclusion would have raised the total to 462 victims.

The typical summer slowdown in ransomware activity was notably shorter and later than expected. After record-breaking months in June and July, there was a slight decrease in ransomware attacks in the first half of August. However, September witnessed a significant resurgence in ransomware activity. Following historical patterns, this trend is likely to continue escalating into the fourth quarter of the year.

The CL0P ransomware group, known for its use of exploits to target victims, notably contributed to the swelling ransomware numbers over several months in the year. However, their campaign against MOVEit file transfer and storage software appears to have ceased, with no activity reported in September. When excluding CL0P's impact from the analysis, it becomes evident that ransomware attacks are steadily increasing, even without their significant contribution. In this revised context, September 2023 emerges as the most active month of the year, setting a concerning tone for the upcoming quarter.

Furthermore, September brought the discovery of leak sites associated with new ransomware groups, namely LostTrustTeam, ThreeAM, and CiphBit. These groups are contributing to the escalating threat landscape, adding to the urgency of addressing ransomware attacks.

As Corvus closely monitors these alarming trends, several key observations have come to light:

  1. Seasonal Variation: Ransomware attacks typically experience a Q4 surge, signaling the need for heightened vigilance in the coming months.

  2. Delayed Summer Decrease: The expected summer slowdown in ransomware attacks for 2023 was delayed and less pronounced, primarily due to CL0P's utilization of a zero-day exploit against MOVEit.

  3. High YoY Activity: Ransomware attacks continue to thrive, maintaining a troubling high YoY growth rate. ###


bottom of page