Ransomware and Data Leak Site Report, March 2023


Ransomware attacks are still a growing concern for organizations of all sizes and across all industries. In these attacks, hackers gain access to an organization's computer systems, then steal and leak files before encrypting important files, which makes them inaccessible to the targeted organisation. The attacker then demands a ransom payment in exchange for the decryption key. Unfortunately, the prevalence of these attacks has been increasing, with recent statistics showing a 70% increase in observed events, to 450 events.

The sector most heavily impacted by ransomware attacks is construction, with 26 identified events during March 2023. This is likely because the industry relies heavily on technology and has a large number of small to mid-sized businesses that may not have the resources to invest in robust cybersecurity measures. However, ransomware attacks are not limited to the construction industry. Companies of any size have seen more attacks, with the biggest month-over-month increase seen by companies with more than 1,000 employees.

A particularly concerning aspect of ransomware attacks is that they can cause significant financial damage to the victim organization. In addition to the ransom payment demanded by the attacker, the impacted organisation may also experience loss of productivity, damage to its reputation, and legal fees associated with investigating the attack and restoring its systems. Furthermore, there is no guarantee that paying the ransom will result in the decryption key being provided or working as expected.

Recently, the CL0P threat actor group has been particularly active. Earlier this year, they announced that over 130 organizations had been impacted by a 0-day attack. This attack exploited a vulnerability in the GoAnywhere file transfer software, allowing the attackers to gain access to sensitive data. The CL0P group then demanded a ransom payment from the affected organizations in exchange for the decryption key. During the month of March, we observed 103 organisations being listed by CL0P.

A great way for organizations to stay informed about the latest cyber threats, including ransomware attacks and data leak announcements, is to subscribe to eCrime.ch. This is a subscription-based service that provides up-to-date information about cyber attacks and threat actors, including those impacting third-party organizations. By subscribing to our service, organizations can gain valuable insights into the tactics and techniques used by cybercriminals. Additionally, by staying informed about attacks impacting third-party organizations, businesses can take steps to minimize their own risk by vetting their vendors and partners more thoroughly and ensuring that those partners have appropriate cybersecurity measures in place.

In conclusion, ransomware attacks are a growing threat to organizations of all sizes and sectors. The increase in observed events and the recent activities of the CL0P group highlight the need for increased vigilance, improved cybersecurity measures, and strong relationships with your service providers. By taking proactive steps to prevent attacks and responding quickly in the event of an incident, organizations can better protect themselves from the financial and reputational damage caused by ransomware attacks and data leaks.