McAfee Enterprise sees ransomware surge in Q2 2021

McAfee Enterprise has released its Advanced Threat Research Report: October 2021, examining cybercriminal activity related to ransomware and cloud threats in the second quarter of 2021. 

Each quarter, McAfee assesses the state of the cyber threat landscape based on in-depth research, investigative analysis, and threat data gathered by the McAfee Global Threat Intelligence cloud from over a billion sensors across multiple threat vectors around the world.

With the shift to a more flexible pandemic workforce, cybercriminals have introduced new threats and tactics in campaigns targeting prominent sectors, such as Government, Financial Services and Entertainment.

“Ransomware has evolved far beyond its origins, and cybercriminals have become smarter and quicker to pivot their tactics alongside a whole host of new bad-actor schemes,” said Raj Samani, McAfee Enterprise fellow and chief scientist. “Names such as REvil, Ryuk, Babuk, and DarkSide have permeated into public consciousness, linked to disruptions of critical services worldwide. And with good measure, since the cybercriminals behind these groups, as well as others, have been successful at extorting millions of dollars for their personal gain.”

What did the research find? 

Increase in ransomware 

During the second quarter of 2021, the high-profile cyber attack of the Colonial Pipleline gained a lot of attention. The impact of the abrupt halt in the supply chain affected much of eastern US, creating a frantic consumer run on fuel. 

McAfee Enterprise’s global threat network identified a surge in DarkSide attacks from the group upon legal services, wholesale, and manufacturing targets in the United States. Equally concerning to DarkSide’s activity were other ransomware groups operating similar affiliate models, including Ryuk, REvil, Babuk, and Cuba. They deployed business models supporting others involvement to exploit common entry vectors and similar looks to move within an environment. In fact, REvil/Sodinokibi topped the ransomware detections in Q2 of 2021, accounting for 73% of the top-10 ransomware detections.

The most targeted sector by ransomware in Q2 of 2021 was Government, followed by Telecom, Energy, and Media & Communications.

Cloud threats 

In the second quarter of 2021, the study found continuing challenges of shifting cloud security to accommodate a more flexible pandemic workforce and an increased workload, which presented cybercriminals with more potential exploits and targets.

According to McAfee Enterprise Advanced Threat research, in Q2 2021, the following cloud threat incidents and targets ranked high among the top 10 reporting countries (United States, India, Australia, Canada, Brazil, Japan, Mexico, Great Britain, Singapore and Germany):

• Financial Services were targeted the most among reported cloud incidents, followed by Healthcare, Manufacturing, Retail, and Professional Services.
• Financial Services were targeted in 50% of the top 10 cloud incidents, including incidents in the United States, Singapore, China, France, Canada, and Australia.
• Cloud incidents targeting verticals in the United States accounted for 34% of incidents recorded, with a 19% decrease in Great Britain
• The most cloud incidents targeting countries were reported in the United States followed by India, Australia, Canada, and Brazil.
• Cloud incidents targeting the United States accounted for 52% of incidents recorded.