73% of Ransomware Detections in Q2 2021 Credited to REvil/Sodinokibi

McAfee’s cyber threat report revealed that healthcare was the second-most targeted sector for cloud security incidents in Q2, and REvil/Sodinokibi is still going strong.

By Jill McKeon

McAfee’s quarterly cyber threat report revealed troubling statistics about the current state of ransomware, showing that 73 percent of ransomware detections in Q2 2021 were credited to the notorious hacking group REvil/Sodinokibi.

Healthcare was the second-most targeted industry for cloud security incidents in Q2, behind only the financial services sector. Security incidents in the United States skyrocketed this quarter, with the nation experiencing more reported incidents than any other country.

Ransomware groups including Hive, Ryuk, Conti, DarkSide, LockBit, and BlackMatter remain at large. The groups are known threats to the healthcare sector, according to HHS’ Health Sector Cybersecurity Coordination Center (HC3).

“The impact of a ransomware attack became very clear when the Colonial Pipeline was forced to shut down by a DarkSide ransomware attack,” the McAfee report explained.

“This abrupt halt in the supply chain affected much of the eastern U.S., creating a frantic consumer run on fuel. The attack and resulting consumer and economic impact showed the true lethality of ransomware and grabbed the full attention of security authorities.”

McAfee observed that two of the most influential underground forums for cybercriminals announced a ban on ransomware advertisements last quarter. Despite this action, researchers found that threat actors are still very active on these forums under different personas.

McAfee researchers also recently found vulnerabilities in two types of B. Braun infusion pumps that could allow hackers to remotely administer double doses of medications to unsuspecting patients.

“These findings present an overview and some technical detail of the most critical attack chain along with addressing unique challenges faced by the medical industry,” the report continued.

Medical device security has risen to the forefront of healthcare security challenges in the months following this discovery.

Public sector security incidents increased by 64 percent in Q2. Malware was the most used attack technique in Q2, while spam showed the highest increase in reported incidents, at 250 percent. Spearphishing and Windows command shell techniques also gained popularity in Q2.

“Ransomware has evolved far beyond its origins, and cybercriminals have become smarter and quicker to pivot their tactics alongside a whole host of new bad-actor schemes,” Raj Samani, McAfee Enterprise fellow and the report’s chief scientist, explained in a press release.

“Names such as REvil, Ryuk, Babuk, and DarkSide have permeated into public consciousness, linked to disruptions of critical services worldwide. And with good measure, since the cybercriminals behind these groups, as well as others, have been successful at extorting millions of dollars for their personal gain.”

Researchers recommended that organizations learn how scammers impersonate Windows Defender to exploit malicious apps, and learn best practices for securing networks against ransomware groups.

Organizations should regularly patch systems, educate employees, and keep up to date with emerging threats. Even as ransomware attacks increase worldwide, the United States remains a top target for bad actors, as does healthcare.