Ransomware rampage: unprecedented July 2023 records in attack levels

July 2023 witnessed an unprecedented surge in ransomware attacks driven by the Cl0p group’s exploitation of MOVEit software, as reported by NCC Group’s Global Threat Intelligence team.


In the midst of escalating digital threats, July 2023 marked a grim milestone as ransomware attacks shattered all records, propelled by the calculated exploits of the Cl0p ransomware group targeting MOVEit software.

The latest report unveiled by NCC Group’s Global Threat Intelligence team disclosed an alarming upsurge in ransomware-linked cyberattacks during the preceding month, tallying an astonishing 502 major incidents. This daunting figure reflects a staggering 154% year-on-year escalation, a stark contrast to the 198 attacks documented in July 2022. July’s harrowing statistics exceeded last year’s figures and showcased a 16% hike compared to the previous month, wherein 434 ransomware incidents were cataloged in June 2023.

Attributed to a significant extent to the operations of Cl0P, a notorious faction synonymous with the exploitation of MOVEit software, this surge prompted NCC Group to assert that the recorded surge is intrinsically linked to Cl0P’s activities.

The reverberations of these cyber onslaughts extend across industries, with 31% of ransomware attacks (155 incidents) targeting industrial players. Notable sectors ensnared include professional and commercial services, manufacturing, construction, and engineering. In a chilling twist, Cl0p, LockBit 3.0, and 8Base accounted for 48% of the attacks on professional and commercial services, marking them as prime adversaries.

Consumer cyclicals occupy the second rung in the target list, constituting 16% (79 attacks) of July’s total. This category encompasses hotels, entertainment, media, retail, homebuilding, and the automotive sector. Technology follows suit, comprising 14% (72 incidents), with Cl0p’s pronounced role driving the spike.

With a staggering 54% of attacks against the technology sector attributed to Cl0p, the group’s reach extends to IT service providers, semiconductor suppliers, consumer electronics, and telecommunications services. This ominous reality paints a vivid picture of the contemporary landscape, where digital assailants leverage exploits to hold organizations hostage and amplify their reign of cyber terror.