The number of traditional ransomware attacks may have dropped last month, but the disclosure of the zero-day flaw in Progress Software’s MoveIt Transfer product continued to increase. The Clop ransomware gang claimed more victims, showcasing a new trend in cybercriminal tactics.
As ransomware gangs evolve, they have started to forgo encryption and focus on stealing sensitive data instead. They have also become more aggressive in their extortion tactics. This evolution is evident in the attacks on vulnerable MoveIt Transfer instances. These attacks involve data theft and exposure, but no ransomware is used to encrypt the data. It is important to note that TechTarget’s database only counts attacks that involve encryption or attempted encryption of victims’ data.
The number of victims affected by the Clop ransomware threat actor has continued to rise. TechTarget Editorial has separately tracked at least 29 additional victims two months after the attacks first came to light. Many organizations in the financial and education sectors have been affected, including Johns Hopkins University, University of Rochester, and 1st Source Bank. The bank revealed that the attack had impacted 450,000 customers.
According to cybersecurity vendor Emsisoft, the total number of MoveIt Transfer attack victims has now reached 566 organizations and over 40 million people worldwide. These numbers include victims listed on Clop’s data leak site, although some have yet to confirm that they were indeed affected.
Several notable incidents involving traditional ransomware attacks were also recorded in July. George County in Mississippi fell victim to a ransomware attack that started with a phishing email. The attackers left a note demanding payment in Bitcoin to unlock encrypted files. The county had backed up its systems prior to the attack and was in the process of restoring those backups. The Department of Justice, the FBI, and the State of Mississippi initiated an investigation into the attack.
The City of Hayward in California declared a state of emergency due to a ransomware attack that caused prolonged disruption to its network. However, the city’s network was gradually coming back online, and no ransom had been paid.
The Town of Cornelius in North Carolina detected a ransomware incident on July 11 and immediately severed on-site technology from the network. Some services were temporarily unavailable or delayed, including phone services. Cornelius reported that there was no data exfiltration, and the town has been working to restore systems from backup servers.
The City of West Jordan in Utah experienced a cyber attack in June that caused disruptions. It was confirmed as a ransomware attack in July, with attackers demanding a significant amount of money. However, the city did not pay the ransom as it had cyber insurance coverage to assist with recovery costs. As of July 13, West Jordan was still working with a cybersecurity firm to restore systems.
The Langlade County Sheriff’s Office in Wisconsin reported a catastrophic software failure on July 11 that affected all phone lines. The LockBit ransomware gang claimed responsibility for the attack.
Even the healthcare sector, a common target for ransomware groups, was not spared. Tampa General Hospital in Florida disclosed that it had suffered an attack in May but managed to effectively prevent encryption. However, patient data was still exfiltrated, including sensitive information such as names, addresses, Social Security numbers, and medical records. Over 1.2 million patients were affected by this breach.
These incidents highlight the increasing threat of ransomware attacks and the evolving tactics employed by cybercriminals. Organizations across various sectors must remain vigilant and prioritize cybersecurity measures to protect sensitive data and prevent costly disruptions.