Ransomware gangs shift efforts to most lucrative targets, report

Ransomware as a service means more targeted attacks on high-value targets, says McAfee

Cybersecurity firm McAfee has released its Threats Report for June 2021, detailing the growth in cyber activities related to malware in the first quarter of the year.

According to the report [pdf], ransomware incidents declined by half in the first quarter of the year, partly due to a shift by cyber criminals from mass-spread campaigns targeting many of organisations to customised Ransomware-as-a-Service (RaaS) campaigns hitting fewer but more lucrative targets, with unique malware samples.

"Criminals will always evolve their techniques to combine whatever tools enable them to best maximise their monetary gains with the minimum of complication and risk," said Raj Samani, McAfee fellow and chief scientist.

According to Samani, threat actors earlier used ransomware to extract small payments from millions of individual victims, but now they are moving to RaaS that can provide support to many players in "illicit schemes holding organisations hostage and extorting massive sums".

Overall, McAfee observed an average of 688 new malware threats per minute in Q1 2021, an increase of 40 threats per minute over Q4 2020.

Cryptocurrency-generating coin miner malware grew by 117 per cent, due to proliferation in 64-bit CoinMiner applications, according to the firm. Rather than encrypting victims' systems, these malware strains quietly generate cryptocurrency using the computing capacity of the compromised systems.

As there is zero interaction between the victims and the attackers, the victims may never know that their machine is actually generating money for cyber criminals.

Additionally, McAfee also observed a surge in new Mirai malware variants (such as the Moobot family), leading to an increase in malware targeting Internet of Things (55 per cent) and Linux (38 per cent) systems.

REvil was the most detected ransomware strain in Q1, according to the report. It was followed by the Ryuk, RansomeXX, NetWalker, MountLocker, Thanos, WastedLocker, Maze, Conti and Babuk strains.

Publicly reported cyber incidents targeting the technology sector were up 54 per cent in Q1 compared to the last quarter of 2020.

Other sectors that saw increases in cyber incidents were Education (46 per cent) and Financial/Insurance (41 per cent). Reported incidents in wholesale/retail and public sector decreased by 76 per cent and 39 per cent, respectively.

Cyber incidents surged 84 per cent in France and 19 per cent in the UK, but declined 14 per cent in the US, McAfee said.

McAfee's founder John McAfee was found dead in a Spanish prison yesterday. He sold the company to Intel in 2011.