According to NCC Group’s latest monthly Cyber Threat Intelligence Report there were 502 recorded ransomware attacks in July – a new monthly record narrowly beating the previous high recorded in March 2023.

The sharp increase was driven by Clop, which accounted for 171 of the 502 attacks. Clop ransomware first appeared in 2019. Since then there has been a steady increase in observations with the attackers behind it appearing to have a preference for targeting large organisations in the expectation of achieving multi-million dollar ransom payments.

On 31 May MOVEit’s parent company Progress Software issued a patch for the zero-day vulnerability. That was followed a week later by a statement from the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warning that Clop attackers had successfully exploited a zero-day vulnerability in MOVEIt software.

Including the July attacks it is possible that more than 730 organisations have so far been compromised by Clop – according to the latest figures from Emsisoft and KonBriefing Research.