McAfee Enterprise sees proliferation of REvil and DarkSide Ransomware increase in Q2 2021


SAN JOSE, Calif.–(BUSINESS WIRE)–McAfee Enterprise today released its Advanced Threat Research Report: October 2021, examining cybercriminal activity related to ransomware and cloud threats in Q2 2021. With the shift to a more flexible pandemic workforce and the high-profile Colonial Pipeline attack, cybercriminals have introduced new threats and tactics in campaigns targeting important sectors such as government, financial services and entertainment.

“Ransomware has evolved far beyond its origins, and cybercriminals have become smarter and faster to pivot their tactics alongside a host of new patterns of malicious actors,” said Raj Samani, fellow and chief scientist at McAfee Enterprise. “Names like REvil, Ryuk, Babuk and DarkSide have crept into public consciousness, linked to disruptions to critical services around the world. And with good measure, since the cybercriminals behind these groups, as well as others, have managed to extort millions of dollars for personal gain.”

Each quarter, McAfee assesses the state of the cyber threat landscape based on in-depth research, investigative analysis and threat data collected by the McAfee Global Threat Intelligence cloud from more than one billion sensors across several threat vectors around the world.

Ransomware Increases Dominance With Impact of Colonial Pipeline

The second quarter of 2021 was a dynamic quarter for ransomware, earning its place as a top cyber agenda item for the US administration following the Colonial Pipeline attack. The impact of the abrupt supply chain shutdown affected much of the eastern United States, creating a fuel-buying frenzy. Beyond the impact on the supply chain, ransomware was excluded from historically safe cybercriminal underground forums. The political response to the Colonial Pipeline attack saw two of the most influential underground forums – XSS and Exploit – announce a ban on ransomware advertisements. It also appeared to cause the ransomware group DarkSide to abruptly halt operations, although McAfee Enterprise strongly believes its silence, together with the emergence of the BlackMatter group, is more than a coincidence, especially since it mirrors the same moves performed before and after REvil’s period of silence. Despite these noticeable changes in behavior, McAfee Enterprise’s global threat network has identified an increase in DarkSide group attacks against legal, wholesale, and manufacturing targets in the United States.

Equally concerning as DarkSide’s business are other ransomware groups exploiting similar affiliate models, including Ryuk, REvil, Babuk, and Cuba. They have deployed business models that support the participation of other actors to exploit common entry vectors and use similar tools to move around an environment. In fact, REvil/Sodinokibi topped our ransomware detections in the second quarter of 2021, accounting for 73% of our top 10 ransomware detections.

Workforce Impact of COVID-19 Continues to Increase Cloud Threats

In Q2 2021, we continued to see the challenges of transitioning cloud security to accommodate a more flexible pandemic workforce and increased workload, which presented cybercriminals with more exploits and potential targets.

According to the McAfee Enterprise Advanced Threat Research report, in Q2 2021 the following cloud threat incidents and targets ranked in the top 10 reporting countries (US, India, Australia, Canada, Brazil, Japan, Mexico, United Kingdom, Singapore and Germany):

  • Financial services were the most targeted among reported cloud incidents, followed by healthcare, manufacturing, retail and professional services.

  • Financial services were targeted in 50% of the top 10 cloud incidents, including incidents in the United States, Singapore, China, France, Canada and Australia.

  • Cloud incidents targeting verticals in the United States accounted for 34% of recorded incidents, with the United Kingdom at 19%.

  • Most cloud incidents targeting countries were reported in the United States, followed by India, Australia, Canada and Brazil.

  • Cloud incidents targeting the United States represent 52% of recorded incidents.

Q2 2021 Threat Activity

Focus on ransomware. The industry most targeted by ransomware in the second quarter of 2021 was government, followed by telecommunications, energy, and media and communications.

Attack vectors. In the second quarter of 2021, malware was the most widely used technique in reported incidents. Spam saw the largest increase in reported incidents – 250% – from the first to second quarters of 2021, followed by malicious scripts with 125% and malware with 47%.

Sector activity. McAfee Enterprise saw a 64% increase in publicly reported cyber incidents targeting the public sector in the second quarter of 2021, followed by the entertainment industry with a 60% increase. In particular, Information/Communication experienced a 50% drop in Q2 2021, with manufacturing down 26%.

Regions. These incidents increased mainly in the United States and Europe in the second quarter of 2021. The United States had the most reported incidents in the second quarter, and Europe recorded the largest increase in reported incidents in the second quarter with 52%.


About McAfee Enterprise Advanced Threat Research

McAfee Enterprise Advanced Threat Research is a leading source for threat research and threat intelligence. Using data from over a billion sensors on key threat vectors (files, web, messaging, and network), McAfee Enterprise Advanced Threat Research provides real-time threat intelligence, critical analysis and expert insights to improve protection and reduce risk.

About McAfee Enterprise

McAfee Enterprise is a pure enterprise cybersecurity company. Positioned to meet the changing security needs of corporate customers with a leading portfolio of solutions, McAfee Enterprise serves the needs of modern businesses, organizations and governments around the world. For more information, please visit

McAfee Enterprise features and technology benefits are dependent on system configuration and may require activation of hardware, software, or services. No computer system can be absolutely secure.

