September was a record month for ransomware attacks in 2023


Level 78
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
Ransomware activity in September reached unprecedented levels following a relative lull in August that was still way above regular standards for summer months.

According to NCC Group data, ransomware groups launched 514 attacks in September. This surpasses March 2023 activity, which counted 459 attacks, and was heavily skewed by Clop's MOVEit Transfer data theft attacks.

Clop had virtually no activity in September, which may be a sign the sophisticated ransomware gang is preparing for its next big attack.

However, the record was achieved by other threat groups, led by LockBit 3.0 (79 attacks), LostTrust (53), and BlackCat (47).

LostTrust is a new threat actor in the list, making a dynamic entrance straight to second place.

Believed to be a rebrand of MetaEncryptor due to significant code overlaps, LostTrust has already encrypted the networks of many organizations, some of whom experienced data leaks, too.

RansomedVC, a newcomer in extortion attacks employing GDPR reporting threats, is in NCC's fourth place with 44 attacks. However, it should be noted that some of the attacks claimed by Ransomed were later found to be exaggerated.

This means that roughly one out of five attacks in September came from a new ransomware operation, highlighting their aggressiveness and capability for scale.

In terms of targeted regions, North America took the lion's share with 50%, Europe followed with 30%, and Asia was third with 9%.

The most targeted sectors were 'industrials' (construction, engineering, commercial services) with 169 attacks, 'consumer cyclicals' (retail, media, hotels) with 94, technology (software and IT services, networking, telecommunications) with 52, and healthcare with 38.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.