Despite the Changing Hacking Scene, Ransomware Thrives

According to new McAfee Enterprise research, ransomware is still on the rise despite the changes in the underground hacker scene that occurred in 2021.

The report, titled "Advanced Threat Research Report: October 2021," looked at cybercriminal activities connected to ransomware and cloud threats in the second quarter of 2021, according to the authors.

In the wake of the remote working trend and the well-publicized attack on the Colonial Pipeline, cybercriminals have launched new and improved threats and techniques in campaigns against well-known industries like government, finance, and entertainment.

There was an uptick in ransomware advertising during the same quarter when influential underground forums XSS and Exploit imposed a ban on the practice. The DarkSide ransomware organization, which had been extremely active, ceased operations during the third quarter.

Ransomware attacks linked to the REvil/Sodinokibi family accounted for 73% of all attacks during a three-month period. Attacks against legal services, wholesale and manufacturing were also part of the DarkSide ransomware campaign.

Ransomware mostly targeted the government, telecom, energy, and media and communications industries in the second quarter of 2021. During the second quarter of 2021, the governmental sector saw a 64% increase in publicly reported cyber events, followed by the entertainment industry, which saw a 60% increase. Information and communication decreased by 50%, whereas manufacturing decreased by 26% over the same period.

Malware is the most common method of spreading ransomware

50% of the top ten cloud events targeted financial services, with attacks occurring in the United States, Singapore, China, France, Canada, and Australia.

The Ryuk, REvil, Babuk, and Cuba ransomware organizations that use affiliate models were prominent in the third quarter. Affiliates receive a portion of any money that is made from ransomware as part of a standard arrangement where ransomware owners hire others to carry out attacks using hacking tools.

The most common method of disseminating ransomware is through the use of malware. Malicious scripts grew by 125%, followed by spam, which saw a 250% spike in reported cases over the previous quarter.