This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim didn’t pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.

In a surprising turn of events for the ransomware landscape, Cl0p has emerged as the most used ransomware in March 2023, dethroning the usual frontrunner, LockBit. Indeed, while LockBit was still used in 93 successful attacks last month, it couldn’t quite match the sheer force of Cl0p’s sudden resurgence.

Contributing to Cl0p’s rise to the number one spot was its extensive GoAnywhere campaign. The group successfully breached over 104 organizations by taking advantage of a zero-day vulnerability in the widely-used managed file transfer software, GoAnywhere MFT.

Fortra, the company behind GoAnywhere MFT, released an emergency patch (7.1.2) for the vulnerability in early February, but by then, Cl0p had already used it to break into a myriad of networks and deploy ransomware. March has also seen some intriguing activity from other ransomware gangs like DarkPower, which appeared to be turning on and off throughout the month, as well as BianLian, which has shifted its focus from encrypting files altogether to pure data-leak extortion.

Recent research by Malwarebytes highlighted the bias that ransomware gangs have for attacking English-speaking countries, and the Cl0p campaign follows the same trend. Between them, the Anglosphere countries of the USA, Canada, UK, and Australia accounted for 69% of known Cl0p attacks, with Canada and Australia suffering more attacks than countries with bigger populations and economies, like Germany and France.

Cl0p’s ability to exploit a zero-day to such effect is akin only in recent memory to the Kaseya VSA ransomware incident in July 2022. The Kaseya attack involved a malicious auto-update that pushed the REvil ransomware onto victims’ machines, primarily targeting Managed Service Providers (MSPs), causing widespread downtime for over 1,000 companies. The successful use of zero-day vulnerabilities by ransomware gangs like Cl0p and REvil is, thankfully, relatively rare. However, when it happens it can be devastating.