The Record’s ransomware tracker has released data on July attacks, showing a new high in ransom-based extortion.
What happened
The Record keeps an ongoing ransomware tracker, updated monthly, to help organizations understand and analyze potential vulnerabilities.
According to the report, there were 484 attacks in July, while only 408 in June. The report utilized data collected from extortion sites, government agencies, news reports, hacking forums, and other sources.
The Record believes the uptick was partially due to the MOVEit attack from Russia-based ransomware group Clop. In July, The Record linked 35% of attacks to Clop and found that the education sector was the hardest hit.
According to recent reports, the MOVEit breach alone is estimated to have affected more than 40 million people and 600 organizations worldwide.
Despite Clop’s growing number of victims, LockBit remains one of the largest extortion organizations. The Record estimates that LockBit has posted nearly 1800 organizations’ information to extortion sites.
Ransomware attacks in healthcare remain high but steady. The report found 36 healthcare organizations were victimized by nefarious groups in both June and July, while May saw a drop and April had the highest number of victims so far this year.
Read more: Massachusetts hospital announces breach from MOVEit attack
Why it matters
Ransomware attacks don’t appear to be subsiding, and trends point to groups victimizing organizations in singular swoops, contributing to the growing number of cases.
Organizations shouldn’t ignore the massive attacks occurring, especially if they record any potentially sensitive data.
As attacks continue, new strategies are being suggested to prevent revictimization. Refusal to pay is becoming a popular strategy where organizations refuse to pay the ransom. The strategy can result in ransomware organizations selling private information but may prevent an organization from being targeted again.
Other experts are encouraging organizations to design a detailed response plan to mitigate the impact of attacks and help affected systems become operational as quickly as possible.
Read more: HSCC Cybersecurity Working Group releases new incident response template
What was said
Allan Liska, a ransomware expert at Recorded Future who assists in tracking attacks, compared July 2023 attacks with those from July 2022. He said, “[There were] 214 attacks in July 2022 spread across 24 different groups, versus 484 spread across 38 different groups [in July 2023].”
Liska also believes that ransomware groups are generally more active right now. “I am not sure people realize just how active the ransomware ecosystem is right now,” he added.
The bottom line
As attacks continue, organizations must be vigilant in updating and patching software, maintaining backup files, and regularly conducting security checks.
Paubox continues to monitor attack trends in the healthcare space to better understand and develop prevention strategies.
Related: HIPAA Compliant Email: The Definitive Guide
Abby Grifno
