REvil dominated ransomware activity in 2021


REvil accounted for 37% of ransomware attacks in 2021, according to a new report from IBM Security.

The report, published Wednesday, is the latest IBM X-Force Threat Intelligence Index, a yearly report published by the tech giant that gives a general overview of cyberthreats tracked over the previous year. Ransomware was front and center in the 2022 report, though phishing attacks were also given special attention.

Ransomware was, like last year, the top cyber attack type observed in 2021, though its share of the overall pie decreased year over year. Ransomware accounted for 23% of cyber attacks identified by X-Force in 2020, but 21% in 2021. Server access attacks jumped from 10% in 2020 to 14% in 2021. Business email compromise and data theft-related attacks marked third and fourth place, each accounting for 8% of all attacks.

REvil accounted for 37% of all tracked ransomware attacks, followed by Ryuk (13%), LockBit 2.0 (7%) and AtomSilo (3%). REvil was responsible for several major attacks last year, most notably the supply chain ransomware attack against Kaseya. This January, Russia said it had “stopped” the gang’s operations when announcing more than a dozen arrests of alleged gang members.

IBM noted two emerging ransomware trends. The first involves ransomware threat actors reaching out to a victim’s partner network after a supply chain attack and using those business partners to pressure the primary target into paying the ransom.

The second trend, which IBM refers to as “triple extortion” tactics, is an evolution of common double extortion tactics in which a ransom actor encrypts a victim’s data before stealing and threatening to leak said data. The third extortion tactic is to inflict a DDoS attack on the victim.

“In this type of attack, threat actors encrypt and steal data and also threaten to engage in a [DDoS] attack against the affected organization,” the report read. “This type of attack is particularly problematic for organizations because victims have their networks held hostage with two types of malicious attacks — often simultaneously — and are then further victimized by the theft (and often leak) of data.”

IBM executive security advisor Limor Kessem said neither of these trends is especially common at the moment due to the additional complexity required for each. For both, the point is not just to get the victim to pay, but to pay quickly.

“[A threat actor] wants to use every leverage available to force a company to pay and pay faster, because the longer this trails, the more chance there is that law enforcement will step in and convince them not to pay,” she said. “Maybe [the victim] will do a risk assessment and decide that the data the attackers are threatening with will not have all the leverage they thought it would.”

Regardless of attack type, phishing led the pack in attack vectors. Forty-one percent of attacks used phishing to exploit victims, up from 33% in 2020. During penetration testing, IBM X-Force found that simulated, targeted phishing campaigns achieved an average click rate of 17.8%. When campaigns included phone calls, the effectiveness tripled to a click rate of 53.2%.

Vulnerability exploitation was the second most common attack vector (34%) seen in 2021, followed by stolen credentials (9%) and brute force (6%). Stolen credentials being 9% was particularly notable, as it was used in 18% of attacks the previous year.

In a section dedicated to IBM’s regional findings, the report showed how different types of attack vectors would affect different regions. In North America, phishing was the most common attack vector; in the Middle East and Africa, meanwhile, vulnerability exploitation led to 50% of incidents.

This year’s X-Force Threat Intelligence Index made four recommendations for improving cybersecurity posture. According to IBM, organizations should develop a ransomware response plan, implement multifactor authentication on every remote access point to a network, adopt a multi-layered approach to combat phishing, and constantly refine and mature their vulnerability management system.

Alexander Culafi is a writer, journalist and podcaster based in Boston.