URL: https://www.malwarebytes.com/blog/threat-intelligence/2023/08/ransomware-review-august-2023
Threat Intelligence


RANSOMWARE REVIEW: AUGUST 2023

Posted: August 10, 2023 by Threat Intelligence Team

July saw one of the highest numbers of ransomware attacks in 2023, at 441. At
the forefront of these attacks is, once again, Cl0p.

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware
specialist, who monitors information published by ransomware gangs on their Dark
Web sites. In this report, "known attacks" are those where the victim did not
pay a ransom. This provides the best overall picture of ransomware activity, but
the true number of attacks is far higher.

July saw one of the highest numbers of ransomware attacks in 2023, at 441, second
only to a record-breaking 556 attacks in May. At the forefront of these attacks
is, once again, Cl0p.

In June, Cl0p shot to the top of the charts due to their use of a zero-day
exploit in MOVEit Transfer, and victims from those attacks continued to be
posted in July. The gang published the data of an additional 170 victims in
July—the second highest number of attacks by a single gang all year, just two
shy of MalasLockers' record in May.

Amidst all the Cl0p chaos, however, a familiar foe seems to be quietly waning:
LockBit.

Known ransomware attacks by gang, July 2023

The LockBit gang is experiencing a steady four-month decline in the number of
attacks it has carried out. Since April 2023, we’ve observed an average decrease
of 20 attacks a month from the group. LockBit’s 107 attacks in April to 41 in
July represents a 62 percent dip in activity.

We’ve seen a similar pattern from LockBit before, and it’s not unusual for
ransomware gang activity to ebb and flow. Still, it’s worth mentioning that a
suspected LockBit affiliate was arrested last month. At least LockBit’s July
numbers, then, could be explained by them simply wanting to lay low for a bit.

When another LockBit suspected affiliate was arrested in November 2022, we also
saw a similar historic low in activity from the group.


"BIG GAME HUNTING" NUMBERS

Research published in July by Chainalysis showed that ransomware gangs raked
in around $449 million from victims in the last six months. The driving force
behind this huge number? Chainalysis says it is "big game hunting," the
practice of targeting large, financially well-off corporations in order to
secure the biggest possible payouts.

Chainalysis also notes an increase in payouts of less than $1000, meaning
smaller companies are still being targeted by ransomware gangs as well.

At around this same time last year, total payouts were slightly under $300
million—a difference of over $150 million.

One possible reason for this increase, says Chainalysis, could be that
because fewer and fewer firms are willing to pay the ransom, ransomware gangs
are increasing the size of their ransom demands, the idea being to squeeze the
most money possible out of the firms still willing to pay.

Malwarebytes' own data suggests that the increase in payouts could also be a
simple consequence of there being more ransomware attacks in general. From March
2022 to July 2022, Malwarebytes recorded a total of 1,140 ransomware attacks.
From March 2023 to July 2023, we recorded a total of 2,130.

Likely, there’s a combination of factors at play here. Our logic goes as
follows:

> Bigger targets + greedier gangs + more ransomware attacks in general =
> Historically high payouts.

Known ransomware attacks by country, July 2023

Attacks on the US and UK are at a four-month high. Four-month trends on attacks
in Italy, on the other hand, suggest that the country is a new regular in the
monthly "Top Five" of most-attacked countries.

Known ransomware attacks by industry sector, July 2023

In an article published in October of last year, we speculated on the future
evolution of ransomware and how, with the rise of double-extortion schemes, more
and more gangs might pivot away from using encryptors entirely. Interestingly,
new research last month by Huntress seems to support this idea—exemplified
by the most active ransomware gang today no less.

In their massive zero-day exploitation sprees, Cl0p has apparently not deployed
ransomware at all. Instead, the group has focused on simply stealing company
data to then later use as leverage against victims.

This move represents a significant departure from the majority of top ransomware
gangs, and it forces organizations to rethink the nature of the problem: it's not
about ransomware per se, it's about an intruder in your network. The really
dangerous thing is turning out to be the access, not the ransomware software
itself.

Cl0p's focus on exploiting zero-days for initial access is revolutionary on its
own. Pairing this with a pure data-exfiltration approach could signal an even
bigger paradigm shift in how ransomware gangs operate into the future.

Speaking of innovations from top gangs, last month ALPHV was observed offering
an API for their data leak site.

The new API is a conduit for swift data dissemination, helping other
cybercriminals instantly access and distribute the stolen information on the
dark web. The overarching goal here —especially considering that ALPHV failed
to seek a ransom from recently-breached cosmetics company Estee Lauder—seems to
be to pressure victims to pay as stolen data reaches wider audiences.

Time will tell if the move pays off, but if nothing else, it signals
cybercriminal desperation amid declining ransomware payments.


NEW PLAYERS


CACTUS

CACTUS emerged in March 2023 as a fresh strain of ransomware, zeroing in on
large-scale commercial operations. Last month, they published 18 victims on
their leak site.

To infiltrate systems, this gang exploits well-known vulnerabilities present in
VPNs. Once CACTUS operatives gain access to a network, they enumerate local and
network user accounts and reachable endpoints. Following this, they craft new
user accounts and deploy their ransomware encryptor. The uniqueness of CACTUS
lies in their use of specialized scripts that automate the release and
activation of the ransomware through scheduled tasks.

The CACTUS leak site


CYCLOPS/KNIGHT

Though the underworld caught wind of Cyclops in May 2023, it's only recently
that evidence of their activities surfaced as new victims' details appeared on
their dark web portal. In addition, they've announced a shift in branding to
"Knight." Last month, they published 6 victims on their leak site.

This ransomware is versatile, capable of compromising Windows, Linux, and macOS
systems alike. Cyclops stands out with its intricate encryption methodology,
which mandates a unique key to decrypt the execution binary. Cyclops also comes
equipped with a distinct stealer component designed to extract and transfer
sensitive information.

The Cyclops/Knight leak site


HOW TO AVOID RANSOMWARE

 * Block common forms of entry. Create a plan for patching vulnerabilities in
   internet-facing systems quickly; disable or harden remote access like RDP and
   VPNs; use endpoint security software that can detect exploits and malware
   used to deliver ransomware.
 * Detect intrusions. Make it harder for intruders to operate inside your
   organization by segmenting networks and assigning access rights prudently.
   Use EDR or MDR to detect unusual activity before an attack occurs.
 * Stop malicious encryption. Deploy Endpoint Detection and Response software
   like Malwarebytes EDR that uses multiple different detection techniques to
   identify ransomware, and ransomware rollback to restore damaged system files.
 * Create offsite, offline backups. Keep backups offsite and offline, beyond the
   reach of attackers. Test them regularly to make sure you can restore
   essential business functions swiftly.
 * Don’t get attacked twice. Once you've isolated the outbreak and stopped the
   first attack, you must remove every trace of the attackers, their malware,
   their tools, and their methods of entry, to avoid being attacked again.
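The CACTUS sequence described earlier (gain access, create new user accounts, then launch the encryptor via scheduled tasks) is a concrete case of the "Detect intrusions" advice above. The following is an added example, not Malwarebytes' code, that correlates two Windows Security audit events on the same host: a user account being created (Event ID 4720) followed, within a short window, by that new account creating a scheduled task (Event ID 4698). The log format, field names and the 30-minute window are assumptions for the example; the log lines are constructed.

```python
"""Flag hosts where a freshly created account registers a scheduled task
shortly afterwards, the CACTUS-style sequence described in the article.
Log format (assumed for this example): "timestamp host event_id k=v k=v ..."
"""
from __future__ import annotations

from datetime import datetime, timedelta

# Constructed sample log lines. 4624 = logon, 4720 = user account created,
# 4698 = scheduled task created (standard Windows Security event IDs).
SAMPLE_LOG = """\
2023-07-12T01:02:10 FS01 4624 user=svc_backup
2023-07-12T01:05:44 FS01 4720 new_user=sysadm2 by=svc_backup
2023-07-12T01:09:13 FS01 4698 task=SysUpdate by=sysadm2
2023-07-12T09:15:00 WS07 4720 new_user=jdoe by=HR-admin
2023-07-12T14:40:21 WS07 4698 task=Backup by=jdoe
"""

# Assumption: how close the account creation and task creation must be.
WINDOW = timedelta(minutes=30)


def parse(line: str) -> dict:
    """Split one log line into a record with typed timestamp and event id."""
    ts, host, event_id, *fields = line.split()
    rec = {"ts": datetime.fromisoformat(ts), "host": host, "event_id": int(event_id)}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def find_suspicious_sequences(log_text: str, window: timedelta = WINDOW) -> list[dict]:
    """Return one alert per (host, user) where an account created by a 4720
    event goes on to create a scheduled task (4698) within `window`."""
    created: dict[tuple[str, str], datetime] = {}  # (host, new_user) -> creation time
    alerts: list[dict] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        if rec["event_id"] == 4720:
            created[(rec["host"], rec["new_user"])] = rec["ts"]
        elif rec["event_id"] == 4698:
            key = (rec["host"], rec.get("by", ""))
            t_created = created.get(key)
            if t_created is not None and rec["ts"] - t_created <= window:
                age = (rec["ts"] - t_created).total_seconds() / 60
                alerts.append({"host": rec["host"], "user": key[1],
                               "task": rec["task"],
                               "minutes_after_creation": round(age, 1)})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_sequences(SAMPLE_LOG):
        print(alert)
```

On the sample log only FS01 is flagged: jdoe's task on WS07 comes more than five hours after the account was created, so it falls outside the window.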

--------------------------------------------------------------------------------

Malwarebytes EDR and MDR remove all remnants of ransomware and prevent you
from getting reinfected. Want to learn more about how we can help protect your
business? Get a free trial below.
