Ransomware attacks reach 'stratospheric' levels in Q2, 2021: Study

Ransomware attacks have reached ‘stratospheric’ levels, now accounting for 69% of all attacks involving malware, according to Positive Technologies’ Cybersecurity Threatscape: Q2, 2021. The research also reveals that the volume of attacks on governmental institutions in particular soared from 12% in Q1 2021 to 20% in Q2. And the company’s Expert Security Center (PT ESC), which focuses on threat intelligence, during the quarter discovered the emergence of B-JDUN, a new RAT used in attacks on energy companies, and Tomiris, new malware that comes with functions for gaining persistence and can send encrypted information about the workstation to an attacker-controlled server.

The research found only a minor rise, 0.3%, in overall attacks from the previous quarter. This slowdown was to be expected as companies took greater measures to secure the network perimeter and remote access systems during a global pandemic and the growth of a dispersed workforce. However, the rise in ransomware attacks in particular—a 45% jump in the month of April alone—should cause grave concern.

On a related note, Positive Technologies identified a ban by Dark Web forums on the publication of posts regarding ransomware operators' partner programs. This indicates that in the near future, these ‘partners’ may no longer have a distinct role—ransomware operators themselves could take over the task of assembling and supervising teams of distributors.

The researchers also note a growing pattern of malware specifically designed to penetrate Unix systems. “We've got used to the idea that attackers distributing malware pose a danger to Windows-based systems,” said Yana Yurakova, Information Security Analyst, Positive Technologies. “Now we see a stronger trend of malware for attacks on Unix systems, virtualization tools, and orchestrators. More and more companies, including larger corporations, now use Unix-based software, and that’s why attackers are turning their attention to these systems."

Among other findings:

• 69% of all malware attacks targeting organizations involved ransomware distributors, a 30% jump over the same quarter in 2020
• There’s been a noticeable change in the landscape for the retail industry—a sharp decrease in attacks with ‘web skimmers,’ accompanied by a rise in interest among ransomware distributors. Ransomware attacks on retailers accounted for 95% of all attacks using malware. This is likely because previous attacks in this industry mostly targeted data—payment details, personal information, credentials, etc. Now, they pursue financial gains more directly through ransoms
• The volume of social engineering attacks targeting retail also increased from 36% in Q1 2021 to 53% in Q2