The number of successful ransomware attacks increased by 422% between Q1, 2020 and Q1, 2021 according to data released by Mandiant. The increase was seen in the number of datasets uploaded to data leak sites by ransomware gangs. While there was a major increase in attacks in 2020, the June 2021 McAfee Threats Report shows there was a 50% decrease in ransomware attacks in Q1, 2021 indicating the upward trend in attacks has come to an end.
McAfee attributed the decrease in attacks to ransomware gangs cutting back on large-scale distribution campaigns to target their efforts on attacking larger organizations. These attacks are conducted using unique ransomware samples, which are less likely to be detected prior to execution. The attacks are also conducted on large organizations with the means to pay substantial ransoms to recover their data. While these attacks require more effort, they are far more lucrative for ransomware gangs. Ransom demands are often issued for tens of millions of dollars, and even when negotiated down, the attacks are extremely lucrative.
McAfee reports that the number of prominent ransomware families declined significantly from January 2021 to March 2021. In January, there were 19 major ransomware families used in attacks, with the number falling to 9 by the end of March. REvil was the most commonly used ransomware variant, followed by RansomEXX, Ryuk, NetWalker, Thanos, MountLocker, and WastedLocker.
Several RaaS operations have shut down following the ransomware attacks on Colonial Pipeline and JBS in the United States. These attacks, which disrupted fuel supplies to the U.S. East Coast and threatened food production at JBS meat processing plants, forced the U.S. government to put more resources into tackling the ransomware problem. Threat actors are being more aggressively pursued and efforts have been stepped up to disrupt their infrastructure, including how they launder money and cash out after an attack. There has also been a change in how ransomware attacks are classified. Since the attacks have threatened critical infrastructure, they are now being treated in the same way as terrorist attacks. The increased heat has made many ransomware gangs nervous, and several have shut down their operations and are lying low.
The report also shows there has been a substantial increase in attacks involving cryptocurrency mining malware, which increased by 117% in the quarter. This has been attributed, in part, to a rise in 64-bit CoinMiner applications.
In Q1, 2021, McAfee detected an average of 688 new malware threats per minute, which is a significant increase from the 40 threats per minute identified in Q1, 2020.