In brief: McAfee's latest digital security report paints some stark numbers when it comes to ransomware attacks. The computer security provider goes into detail on several subjects. However, one that sticks out is how heavily weighted ransomware attacks are towards one particular group and one type of target.
Computer security company McAfee recently published its Advanced Threat Research Report for October 2021. One of the subjects it covers is statistics on ransomware attacks the company detected in the second quarter of this year. In terms of the number of detections, the top 10 ransomware groups were RansomeXX, Ryuk, Netwalker, Thanos, MountLocker, WastedLocker, Exorcist, Conti, Maze, and in the lead, REvil.
Over the summer, REvil famously hit IT management platform Kaseya and, through it, many other businesses, demanding $70 million for the decryption key to unlock victims' files. McAfee's numbers show that REvil, using its Sodinokibi ransomware payload, was responsible for 73 percent of ransomware detections out of the top 10 groups in Q2 2021. According to McAfee's report, governments were the most popular target, followed by telecom, energy, and media.
Eventually, security groups released free decryption keys to the public to unlock systems hit by past REvil attacks. However, it came to light that the FBI could have facilitated the release of the keys sooner than it chose to. After disappearing temporarily, REvil has remerged and resumed ransomware attacks. REvil also rents out its ransomware to other groups seeking to commit attacks, but it seems they have also used backdoors in their software to steal ransoms paid to their clients.