REvil alone accounts for a significant portion of Q2 2021 ransomware attacks

Daniel Sims

Posts: 165   +7
Staff
In brief: McAfee's latest digital security report paints some stark numbers when it comes to ransomware attacks. The computer security provider goes into detail on several subjects. However, one that sticks out is how heavily weighted ransomware attacks are towards one particular group and one type of target.

Computer security company McAfee recently published its Advanced Threat Research Report for October 2021. One of the subjects it covers is statistics on ransomware attacks the company detected in the second quarter of this year. In terms of the number of detections, the top 10 ransomware groups were RansomeXX, Ryuk, Netwalker, Thanos, MountLocker, WastedLocker, Exorcist, Conti, Maze, and in the lead, REvil.

Over the summer, REvil famously hit IT management platform Kaseya and, through it, many other businesses, demanding $70 million for the decryption key to unlock victims' files. McAfee's numbers show that REvil, using its Sodinokibi ransomware payload, was responsible for 73 percent of ransomware detections out of the top 10 groups in Q2 2021. According to McAfee's report, governments were the most popular target, followed by telecom, energy, and media.

Eventually, security groups released free decryption keys to the public to unlock systems hit by past REvil attacks. However, it came to light that the FBI could have facilitated the release of the keys sooner than it chose to. After disappearing temporarily, REvil has remerged and resumed ransomware attacks. REvil also rents out its ransomware to other groups seeking to commit attacks, but it seems they have also used backdoors in their software to steal ransoms paid to their clients.

Permalink to story.

 

brucek

Posts: 940   +1,360
I do not understand why here in the US we have not long ago passed laws declaring a) that no level of government shall pay ransoms; b) authorizing the NSA and any similar security agency to use all its data and powers to track those using and developing and ransomware; c) authorizing rendition or military response against those who attack US targets and whose host country will not extradite; and d) removing any statute of limitations against future prosecution, should better technology for tracking the injections or the payments become available over time.

This would not stop it overnight, but it would make for a significant change from the currently over-tempting balance of easy quick payouts and relatively low risk.
 

Gars

Posts: 295   +23
All you said is true

then, you need to read every word of your statement and put in front of a) b) c) d) - 'the police is to/the state is to"

then you'll have the complete vision for the US nature

no life, only debts

/sry for the rant, ransomware is made 'by the state'