REvil is dominating the global ransomware scene

Representational image of a cybercriminal
(Image credit: Pixabay)

Cybersecurity experts traced a clear majority (73%) of ransomware detections in Q2 2021 to one group - the REvil gang.

For its October Advanced Threat Research Report, McAfee Enterprise crunched threat data from over a billion sensors across multiple threat vectors around the world.

“Names such as REvil, Ryuk, Babuk, and DarkSide have permeated into public consciousness, linked to disruptions of critical services worldwide. And with good measure, since the cybercriminals behind these groups, as well as others, have been successful at extorting millions of dollars for their personal gain,” noted Raj Samani, McAfee Enterprise fellow and chief scientist. 

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> <a href="https://project.tolunastart.com/tqsruntime/main?surveyData=LFFFsT0HpgsyUe0tTFumBJohXK8Sedt0ARpsCF4DRGR+oCoVbvd+2+d8+UNIIx4L" data-link-merchant="project.tolunastart.com"" target="_blank">Click here to start the survey in a new window <<

According to the report, cloud incidents that attacked businesses in the US accounted for 34% of incidents recorded in Q2 2021. Notably, even though Europe saw the largest increase in reported incidents (52%), the UK registered a drop of 19% in the time period. 

Evolving landscape

According to the researchers, Q2 2021 was an interesting quarter for ransomware as it managed to attract unprecedented attention from the US administration.

In fact, the response to DarkSide’s attack on Colonial Pipeline, and REvil’s campaign against the global IT infrastructure provider Kaseya, caused both groups to halt their operations abruptly.

Interestingly, the fear of repercussions from the authorities even prompted the cybercriminal underground forums that provide safe haven for these cybercriminals to institute a ban on ransomware advertisements. 

However, as the report notes, these actions appear to be temporary measures, as REvil has reared its head on the forums once again, while DarkSide seems to have evolved into BlackMatter.

The good however is that the report shows that attacks across several sectors, such as information and the manufacturing sectors, were down. 

“Organizations shouldn’t get complacent, however, and should use this as an opportunity to figure out what has worked well and how they could tighten up their defences against future attacks,” suggested Adam Philpott, EMEA President at McAfee Enterprise.

If the threat actors were expecting the threat of action from the authorities has blown over, they have another thing coming as US President Joe Biden has announced plans to bring together over 30 countries to jointly tackle the rising ransomware menace.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.