REvil is dominating the global ransomware scene

Cybersecurity experts traced a clear majority (73%) of ransomware detections in Q2 2021 to one group - the REvil gang.

For its October Advanced Threat Research Report, McAfee Enterprise crunched threat data from over a billion sensors across multiple threat vectors around the world.

“Names such as REvil, Ryuk, Babuk, and DarkSide have permeated into public consciousness, linked to disruptions of critical services worldwide. And with good measure, since the cybercriminals behind these groups, as well as others, have been successful at extorting millions of dollars for their personal gain,” noted Raj Samani, McAfee Enterprise fellow and chief scientist. 

According to the report, cloud incidents targeting businesses in the US accounted for 34% of incidents recorded in Q2 2021. Notably, even though Europe saw the largest increase in reported incidents (52%), the UK registered a drop of 19% in the same period.

Evolving landscape

According to the researchers, Q2 2021 was an interesting quarter for ransomware as it managed to attract unprecedented attention from the US administration.

In fact, the response to DarkSide’s attack on Colonial Pipeline, and REvil’s campaign against the global IT infrastructure provider Kaseya, caused both groups to halt their operations abruptly.

Interestingly, the fear of repercussions from the authorities even prompted the cybercriminal underground forums that provide safe haven for these cybercriminals to institute a ban on ransomware advertisements. 

However, as the report notes, these actions appear to be temporary measures, as REvil has reared its head on the forums once again, while DarkSide seems to have evolved into BlackMatter.

The good news, however, is that the report shows that attacks across several sectors, such as the information and manufacturing sectors, were down.

“Organizations shouldn’t get complacent, however, and should use this as an opportunity to figure out what has worked well and how they could tighten up their defences against future attacks,” suggested Adam Philpott, EMEA President at McAfee Enterprise.

If the threat actors were expecting that the threat of action from the authorities had blown over, they have another thing coming, as US President Joe Biden has announced plans to bring together over 30 countries to jointly tackle the rising ransomware menace.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
