Ransomware Attacks Decline as Gangs Focus on Lucrative Targets

Written by

Ransomware attacks fell by 50% in Q1 2021 as threat actors shifted from using mass spread campaigns to focusing on fewer, larger targets with unique samples, according to the McAfee Threats Report: June 2021.

The researchers noted that the traditional approach of using one form of ransomware to infect and extort payments from many victims is becoming less prominent, mainly because the targeted systems can recognize and block such attempts over time. Instead, they see a trend towards fewer, customized Ransomware-as-a-Service (RaaS) campaigns tailored to larger, more lucrative organizations.

As a result of this shift, the analysis found that the number of prominent ransomware family types declined from 19 in January 2021 to nine in March 2021. The most detected ransomware group in Q1 2021 was REvil, followed by RansomeXX, Ryuk, NetWalker, Thanos, MountLocker, WastedLocker, Conti, Maze and Babuk strains.

Raj Samani, McAfee fellow and chief scientist, explained: “Criminals will always evolve their techniques to combine whatever tools enable them to best maximize their monetary gains with the minimum of complication and risk. We first saw them use ransomware to extract small payments from millions of individual victims. Today, we see RaaS supporting many players in these illicit schemes holding organizations hostage and extorting massive sums for the criminals.”

Numerous high-profile ransomware incidents have taken place this year; these include the attacks on the US East Coast fuel pipeline operator Colonial Pipeline and meat processor JBS, both of which led to substantial payments being paid.

Another important finding from the report was that there was a 117% rise in the spread of cryptocurrency-generating coin mining malware, which McAfee said is as a result of a spike in 64-bit CoinMiner applications. Unlike ransomware, in which victims’ systems are locked up and held hostage until a cryptocurrency payment is made, Coin Miner malware infects organizations’ systems and then silently produces cryptocurrency using those systems’ computing capacity. This tactic means criminals do not need to interact with the victim, who may be completely unaware they are under attack.

Samani added: “The takeaway from the ransomware and coin miner trends shouldn’t be that we need to restrict or even outlaw the use of cryptocurrencies. If we have learned anything from the history of cybercrime, criminals counter defenders’ efforts by simply improving their tools and techniques, sidestepping government restrictions, and always being steps ahead of defenders in doing so. If there are efforts to restrict cryptocurrencies, perpetrators will develop new methods to monetize their crimes, and they only need to be a couple steps ahead of governments to continue to profit.”

In total, McAfee detected an average of 688 new malware threats per minute in Q1 of 2021, representing an increase of 40 threats per minute compared to Q4 of 2020.

What’s hot on Infosecurity Magazine?