Over the second quarter of the year, 73% of ransomware detections were related to the REvil/Sodinokibi family, while Darkside attacks expanded to more industries, McAfee says.
Ransomware has turned into one of the most devastating cyberthreats as criminal gangs launch destructive attacks against specific industries and organizations. Attackers also have upped their game through multiple strategies, such as the double-extortion tactic in which they vow to publicly release the stolen data unless the ransom is paid. In its latest Advanced Threat Research Report, McAfee looks at the most prominent ransomware strains for the second quarter of 2021 and offers advice on how to combat them.
Several ransomware incidents garnered headlines over the quarter, most notably the attack by criminal group Darkside against fuel delivery utility Colonial Pipeline and the exploit used by the REvil gang to target enterprise IT firm Kaseya. But other attacks triggered concerns that ransomware was shifting to a different level of business.
Looking at such top ransomware groups and strains as Ryuk, REvil, Babuk and Cuba, McAfee noted that criminals are increasingly using standard business practices to farm out their activities to affiliates. These groups also are exploiting common security vulnerabilities to target specific organizations. Beyond detecting a surge in ransomware attacks by popular families over the second quarter, McAfee found that criminals expanded their efforts to more sectors.
The sector most targeted by ransomware during the second quarter was the government, according to McAfee. Other industries that fell in the crosshairs were telecom, energy, and media and communications. Almost three-quarters of the ransomware detections in the quarter were related to the REvil/Sodinokibi family. Attacks by DarkSide extended beyond the oil, gas and chemical sector to threaten legal services, wholesale and manufacturing.
To protect your organization from the most prevalent ransomware threats, McAfee offers several recommendations:
- Block malicious browser popups. In May, McAfee said it detected an increase in the use of deceptive popups in web browsers. Some are simply annoying, while others trick you into taking an action that could lead to a malware infection. To stop this, review the name of the site sending the notification in the actual popup. Go the notification settings section in your browser. Look for the site name, click the ellipsis icon next to the entry and select Block. For future popups, allow them only on sites you trust or disable all such notification prompts.
- Scrutinize Windows push notifications. Scammers are increasingly impersonating Windows push notifications to deploy malicious apps that can compromise user and system information. One campaign even spoofed a Windows Defender update. To protect yourself from these types of threats, go to the Windows Update screen under Settings to check for updates rather than respond to a suspicious notification.
- Protect your network against DarkSide ransomware. DarkSide has turned into one of the most notorious strains of ransomware. A McAfee blog post from May offers insight into this threat and suggests certain prevention and detection practices.
- Safeguard your virtual machines. Virtual machines have proved increasingly valuable to cybercriminals. A McAfee blog post from June focused on VMware virtual machines and described how to patch them against security vulnerabilities that can be exploited by ransomware.