2 min

Tags in this article


With a staggering 459 attacks, the increase in ransomware activity is up 91% from the previous month and a whopping 62% compared to March 2022. The primary reason behind this disturbing surge in cybercrime is CVE-2023-0669, a vulnerability found in Fortra’s GoAnywhere MFT secure file transfer tool that the notorious Clop ransomware gang exploited.

Within ten days, the gang stole data from 130 companies, setting a new record for ransomware attacks.

The surge in activity is part of an upward trend observed by NCC Group since the start of the year. The surge has resulted in the highest number of hack and data leak incidents recorded in the past three years.

Clop beats LockBit 3.0

Clop performed 129 attacks last month, displacing LockBit 3.0. That piece of ransomware was used for 97 recorded attacks, placing it firmly in second place. Aside from Clop and LockBit, other ransomware groups that had significant activity during March 2023 include Royal ransomware, BlackCat (ALPHV), Bianlian, Play, Blackbasta, Stormous, Medusa, and Ransomhouse.

The most targeted sector in March 2023 was “Industrials,” receiving 147 ransomware attacks, accounting for 32% of the recorded attacks. This was followed by the “Consumer Cyclicals” sector, encompassing construction supplies, specialty retailers, hotels, automobiles, media, household goods, and more. Other sectors that received significant attention from ransomware gangs are technology, healthcare, basic materials, financials, and educational services.

American spike

Almost half of all attacks (221) breached entities in North America. Europe trails far behind with 126 episodes, while Asia has 59. The recorded activity spike in March 2023 highlights the importance of applying security updates as soon as possible, mitigating potentially unknown security gaps like zero days by implementing additional measures, and monitoring network traffic and logs for suspicious activity.

As ransomware attacks are usually opportunistic rather than targeted, companies across all sectors must take precautions to ensure they are ready for an attack.

The March 2023 attack is a sobering reminder of the devastating consequences of inadequate cybersecurity measures.