Express Computer

Home  »  News  »  McAfee Enterprise sees proliferation of REvil and Darkside Ransomware Surge in Q2 2021

McAfee Enterprise sees proliferation of REvil and Darkside Ransomware Surge in Q2 2021

NewsCloudSecurity
By Express Computer
0 175

McAfee Enterprise has released its Advanced Threat Research Report: October 2021, examining cybercriminal activity related to ransomware and cloud threats in the second quarter of 2021. With the shift to a more flexible pandemic workforce and the highly publicised Colonial Pipeline attack, cyber criminals introduced new – and updated – threats and tactics in campaigns targeting prominent sectors, such as government, financial services and entertainment.

“Ransomware has evolved far beyond its origins, and cybercriminals have become smarter and quicker to pivot their tactics alongside a whole host of new bad-actor schemes. Names such as REvil, Ryuk, Babuk, and DarkSide have permeated into public consciousness, linked to disruptions of critical services worldwide. And with good measure, since the cybercriminals behind these groups, as well as others, have been successful at extorting millions of dollars for their personal gain,” said Raj Samani, McAfee Enterprise Fellow and Chief Scientist. 

Each quarter, McAfee assesses the state of the cyber threat landscape based on in-depth research, investigative analysis and threat data gathered by the McAfee Global Threat Intelligence cloud from over a billion sensors across multiple threat vectors around the world.

The second quarter of 2021 was a vibrant quarter for ransomware, earning its place as a high-profile cyber agenda item for the U.S. administration following the Colonial Pipeline attack. The impact of the abrupt halt in the supply chain affected much of eastern U.S., creating a frantic consumer run on fuel. Beyond the supply chain impact, ransomware is expelled from the historically safe cybercriminal underground forums. The political response to the Colonial Pipeline attack saw two of the most influential underground forums- XSS and Exploit- announce a ban on ransomware advertisements. It also appeared to cause the DarkSide ransomware group to abruptly halt its operations, though McAfee Enterprise strongly believes its silence, at the same time the BlackMatter group appeared, is more than coincidental, especially as it mirrors the same move made before and after REvil’s period of silence. Despite these notable shifts in behavior, McAfee Enterprise’s global threat network identified a surge in DarkSide attacks from the group upon legal services, wholesale, and manufacturing targets in the United States.

Equally concerning to DarkSide’s activity were other ransomware groups operating similar affiliate models, including Ryuk, REvil, Babuk, and Cuba. They deployed business models supporting others’ involvement to exploit common entry vectors and similar looks to move within an environment. In fact, REvil/Sodinokibi topped our ransomware detections in Q2 of 2021, accounting for 73 per cent of our top-10 ransomware detections.

In the second quarter of 2021, it continued to see the challenges of shifting cloud security to accommodate a more flexible pandemic workforce and an increased workload, which presented cybercriminals with more potential exploits and targets.

According to McAfee Enterprise research, in Q2 2021, the following cloud threat incidents and targets ranked high among the top 10 reporting countries (United States, India, Australia, Canada, Brazil, Japan, Mexico, Great Britain, Singapore and Germany):

  • Financial Services were targeted the most among reported cloud incidents, followed by healthcare, manufacturing, retail and professional services. 
  • Financial Services were targeted in 50 per cent of the top 10 cloud incidents, including incidents in the United States, Singapore, China, France, Canada, and Australia. 
  • Cloud incidents targeting verticals in the United States accounted for 34 per cent of incidents recorded, with a 19 per cent decrease in Great Britain 
  • The most cloud incidents targeting countries were reported in the United States followed by India, Australia, Canada and Brazil.
  • Cloud incidents targeting the United States accounted for 52 per cent of incidents recorded.

Get real time updates directly on you device, subscribe now.

Express Computer

Express Computer is one of India's most respected IT media brands and has been in publication for 24 years running. We cover enterprise technology in all its flavours, including processors, storage, networking, wireless, business applications, cloud computing, analytics, green initiatives and anything that can help companies make the most of their ICT investments. Additionally, we also report on the fast emerging realm of eGovernance in India.

You might also like More from author
Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 
Powered by Convert Plus
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image