There has been a huge surge in ransomware attacks in the third quarter of the year as increases continue to break existing records, with the expectation that 2023 will be the biggest ever for attacks.

Cyber insurer, Corvus Insurance, has released its Q3 2023 Global Ransomware Report, which analysed data from ransomware leak sites to track evolving trends. According to the report, ransomware attacks continue at a record-breaking pace, with global ransomware attack frequency up 11% over Q2 and 95% year-over-year (YoY) in the third quarter of the year.

In its Q2 2023 Global Ransomware Report, Corvus noted a significant resurgence in global ransomware attacks, which continued through the third quarter. Now, with two months remaining in the year, the number of ransomware victims in 2023 has already surpassed what was observed for 2021 and 2022. If the trajectory continues, Corvus said 2023 will be the first year with more than 4,000 ransomware victims posted on leak sites.

The insurer said the rise in attacks was driven by two key factors.

“The CL0P ransomware group has played a major role in this spike in 2023 ransomware activity,” The report explained. “CL0P sprung to life in Q1 by exploiting GoAnywhere file transfer software, which impacted more than 130 victims. In Q2, CL0P struck again with the solo use of a mass zero-day exploit by a ransomware group targeting a vulnerability in the MOVEit file transfer software, which impacted 264 victims at the time of this report.

“The single MOVEit vulnerability accounted for 9% of victims listed in Q2 and 13% of victims listed in Q3. Even without these CL0P spikes in attack activity, ransomware numbers would still be up 5% over Q2 and 70% YoY in Q3.”

It added the cyber gangs bucked the usual season trends for attacks.

“Ransomware typically follows seasonal patterns, with incidents decreasing in early May and remaining low through early August,” Corvus explained. “Driven largely by CL0P, this year’s dip in attacks occurred later in June and, rather than continuing to fall, spiked and remained high through the first half of August. Even without CL0P, ransomware activity would still amount to a 70% year-over-year increase.”

“It’s clear that ransomware attacks are on a record-setting pace for 2023 and based on activity at the end of Q3 and early Q4, we fully expect these numbers to surpass anything we have witnessed in previous years,” said Jason Rebholz, CISO, Corvus Insurance. “Aside from these overall numbers, this report demonstrates the impact that a single ransomware group like CL0P can have when they invest in new tactics, which is what we saw with the mass zero-day exploit that wreaked havoc over the second and third quarters.”

“Ransomware actors can quickly pivot their focus, and no industry is immune. There is no better time to ensure the right security controls are in place to mitigate the threat,” said Rebholz.