Record-High Ransomware Heavily Influenced by Cl0p

Published on August 25, 2023

There are 1.7 million ransomware attacks every day. According to Verizon’s 2022 data breach report, this cyber crime has been steadily increasing over the last five years, with a 13% growth rate from 2017 to 2022. This trajectory was expected to continue as time passed, until last month, that is.

Researchers found that, in a year-on-year comparison from last July to July 2023, there was a massive increase in the number of attacks in each month: 153% to be exact. NCC Group released a new report that shows these record-high levels of ransomware activity and reveals that the statistics were heavily affected by the threat actor Cl0p, which was responsible for 171 of the 502 attacks that occurred in July. Cl0p's ransomware campaign has been successful because of its exploitation of the MOVEit vulnerability, which has been impacting MOVEit users for months now.

MOVEit is a file-transfer service which has recently encountered a zero-day vulnerability, a vulnerability which is known by the company but remains unpatched and therefore continues as an exploitable entry point for attackers. MOVEit is used by many highly regulated players in multiple industries and is considered an accredited and safe file-transfer service, despite the ongoing attacks on it. Some organizations have been impacted through their direct use of MOVEit, and others are feeling the effects of working with third-party vendors who use the service. Regardless of how companies are exposed to MOVEit, many are turning away from the service due to the growing number of attacks on entities associated with it.

The growth in the number of ransomware attacks from July 2022 to July 2023 is astonishing. The month-over-month growth is also high: July saw 16% more attacks than June 2023.

Responsible for over a third of the reported ransomware attacks last month, the Cl0p ransomware group is a major player in this cyber crime. Cl0p is a Ransomware-as-a-Service (RaaS) group for cybercriminals who wish to attack high-value targets in the hope of taking home high-value ransoms. The group uses file-encrypting malware that exploits vulnerabilities such as MOVEit’s zero-day vulnerability and often saves the encrypted files with the extension “.clop”. The word “clop” comes from the Russian word “klop”, which means “bed bug”, an appropriate annoyance to name their attacks after.

While July’s numbers are highly indicative of the success Cl0p is experiencing in its nefarious exploitation of vulnerabilities, they are also a sign of the direction in which ransomware attacks are headed as a whole. This cybercrime is on track to reach record-breaking numbers this year, and it is important for businesses to take preventative action and to set up recovery plans, so as to limit the time and money lost if an attack occurs.
