UPDATED 00:01 EDT / OCTOBER 04 2021

SECURITY

Ransomware continues to thrive despite changes in hacking scene

Ransomware continues to thrive despite changes in the underground hacking scene this year, according to a new report today from McAfee Enterprise.

The company’s “Advanced Threat Research Report: October 2021” examined cybercriminal activity related to ransomware and cloud threats in the second quarter of 2021. Amid the shift to remote working and the highly publicized Colonial Pipeline attack, cybercriminals introduced new and updated threats and tactics in campaigns targeting prominent sectors, such as government, financial services and entertainment.

The increase occurred in a quarter in which influential underground forums XSS and Exploit announced a ransomware advertisement ban. The quarter was also notable for the highly active DarkSide ransomware group ceasing operations.

During the three-month period, 73% of all ransomware attackers were linked to the REvil/Sodinokibi family, and DarkSide ransomware attacks extended beyond the oil, gas and chemical sector to legal services, wholesale and manufacturing.

The sector most targeted by ransomware in the second quarter of 2021 was government, followed by telecom, energy, media and communications. Publicly reported cyber incidents targeting the public sector increased 64% during the second quarter of 2021, followed by the entertainment sector with a 60% increase. Conversely, the information and communication sector saw a 50% decrease in the quarter, with manufacturing down 26%.

Financial services were targeted in 50% of the top 10 cloud incidents, including attacks in the U.S., Singapore, China, France, Canada and Australia.

Ransomware groups operating affiliate models, including Ryuk, REvil, Babuk and Cuba, remained prominent in the quarter. In a typical ransomware affiliate arrangement, the ransomware owners have others undertake attacks using their hacking tools, with the affiliates taking a cut of any ransom earned.

Malware remained the most popular technique used to spread ransomware. Spam showed the highest increase in reported incidents — up 250% over the previous quarter — followed by malicious scripts, up 125%, and malware, up 47%.

“Ransomware has evolved far beyond its origins and cybercriminals have become smarter and quicker to pivot their tactics alongside a whole host of new bad-actor schemes,” explained Raj Samani, McAfee Enterprise fellow and chief scientist. “Names such as REvil, Ryuk, Babuk and DarkSide have permeated into public consciousness, linked to disruptions of critical services worldwide. And with good measure, since the cybercriminals behind these groups, as well as others, have been successful at extorting millions of dollars for their personal gain.”
