Serviceteam IT Security News

Ransomware Attacks Decline as Gangs Focus on Lucrative Targets

Ransomware attacks fell by 50% in Q1 2021 as threat actors shifted from using mass spread campaigns to focusing on fewer, larger targets with unique samples, according to the McAfee Threats Report: June 2021.

The researchers noted that the traditional approach of using one form of ransomware to infect and extort payments from many victims is becoming less prominent, mainly because the targeted systems can recognize and block such attempts over time. Instead, they see a trend towards fewer, customized Ransomware-as-a-Service (RaaS) campaigns tailored to larger, more lucrative organizations.

As a result of this shift, the analysis found that the number of prominent ransomware family types declined from 19 in January 2021 to nine in March 2021. The most detected ransomware group in Q1 2021 was REvil, followed by RansomeXX, Ryuk, NetWalker, Thanos, MountLocker, WastedLocker, Conti, Maze and Babuk strains.

Raj Samani, McAfee fellow and chief scientist, explained: “Criminals will always evolve their techniques to combine whatever tools enable them to best maximize their monetary gains with the minimum of complication and risk. We first saw them use ransomware to extract small payments from millions of individual victims. Today, we see RaaS supporting many players in these illicit schemes holding organizations hostage and extorting massive sums for the criminals.”

Numerous high-profile ransomware incidents have taken place this year; these include the attacks on the US East Coast fuel pipeline operator Colonial Pipeline and meat processor JBS, both of which led to substantial payments being paid.

Another important finding from the report was that there was a 117% rise in the spread of cryptocurrency-generating coin mining malware, which McAfee said is as a result of a spike in 64-bit CoinMiner applications. Unlike ransomware, in which victims’ systems are locked up and held hostage until a cryptocurrency payment is made, Coin Miner malware infects organizations’ systems and then silently produces cryptocurrency using those systems’ computing capacity. This tactic means criminals do not need to interact with the victim, who may be completely unaware they are under attack.

Samani added: “The takeaway from the ransomware and coin miner trends shouldn’t be that we need to restrict or even outlaw the use of cryptocurrencies. If we have learned anything from the history of cybercrime, criminals counter defenders’ efforts by simply improving their tools and techniques, sidestepping government restrictions, and always being steps ahead of defenders in doing so. If there are efforts to restrict cryptocurrencies, perpetrators will develop new methods to monetize their crimes, and they only need to be a couple steps ahead of governments to continue to profit.”

In total, McAfee detected an average of 688 new malware threats per minute in Q1 of 2021, representing an increase of 40 threats per minute compared to Q4 of 2020.

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply