REvil is dominating the global ransomware scene


Cybersecurity experts traced a clear majority (73%) of ransomware detections in Q2 2021 to one group - the REvil gang.

For its October Advanced Threat Research Report, McAfee Enterprise crunched threat data from over a billion sensors across multiple threat vectors around the world.

“Names such as REvil, Ryuk, Babuk, and DarkSide have permeated into public consciousness, linked to disruptions of critical services worldwide. And with good measure, since the cybercriminals behind these groups, as well as others, have been successful at extorting millions of dollars for their personal gain,” noted Raj Samani, McAfee Enterprise fellow and chief scientist. 


According to the report, cloud incidents targeting businesses in the US accounted for 34% of the incidents recorded in Q2 2021. Notably, even though Europe saw the largest increase in reported incidents (52%), the UK registered a drop of 19% over the same period.

Evolving landscape

According to the researchers, Q2 2021 was an interesting quarter for ransomware as it managed to attract unprecedented attention from the US administration.

In fact, the response to DarkSide’s attack on Colonial Pipeline, and REvil’s campaign against the global IT infrastructure provider Kaseya, caused both groups to halt their operations abruptly.

Interestingly, the fear of repercussions from the authorities even prompted the underground forums that provide a safe haven for these cybercriminals to institute a ban on ransomware advertisements.

However, as the report notes, these actions appear to be temporary measures, as REvil has reared its head on the forums once again, while DarkSide seems to have evolved into BlackMatter.

The good news, however, is that the report shows that attacks across several sectors, such as information and manufacturing, were down.

“Organizations shouldn’t get complacent, however, and should use this as an opportunity to figure out what has worked well and how they could tighten up their defences against future attacks,” suggested Adam Philpott, EMEA President at McAfee Enterprise.

If the threat actors were expecting that the threat of action from the authorities had blown over, they have another thing coming, as US President Joe Biden has announced plans to bring together over 30 countries to jointly tackle the rising ransomware menace.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.