Home News Ransomware Operators are Introducing More RaaS Schemes: McAfee Report

Ransomware Operators are Introducing More RaaS Schemes: McAfee Report

McAfee’s Threats Report of June 2021 revealed that ransomware operators have shifted their focus from small and medium businesses and are now targeting large organizations for huge ransom pay-outs.

Bitcoin, Ransomware Attacks

The year 2021 is the genesis of many changes in the regular business model. From the new normal of remote working to new attack vectors, the year has been witness to multiple security challenges. The cyberattack landscape took new dimensions, making organizations question their existing cybersecurity capabilities. Cybercriminal and malware activities have increased exponentially in the Q1 of 2021, according to McAfee Threats Report: June 2021. From regular hacking activities to customized Ransomware-as-a-Service (RaaS) campaigns, cybercriminals have changed their attack vectors by targeting high-profile organizations for a huge ransom.

McAfee’s Key Findings

  • Coin Miner malware increased 117% primarily due to growth in 64-bit coin miner applications
  • The growth of Mirai-based malware strains also increased cyberattacks on IoT devices (55%) and Linux systems (38%)
  • Newly discovered malware threats averaged 688 per minute, an increase of 40 threats per minute in Q4 2020.

Ransomware Saw a Decline 

This might come as a surprise to everyone. However, McAfee revealed that ransomware attacks have declined by 50% in Q1. This is because ransomware operators are now focusing on large organizations rather than targeting small and medium-level companies.

The attackers have been leveraging unique RaaS affiliate groups to target large organizations and are demanding high ransom. This shift in attack technique resulted in the decline of infamous ransomware family attacks between January 2021 and March 2021.  Besides, regular ransomware attacks shifted their focus to monetize their cybercrimes with payments in cryptocurrency. Instead of encrypting systems and holding them hostage until the ransom is paid, Coin Miner malware compromised targeted systems and stealthily used them to mine crypto coins.

“Many more countries have experienced such attacks. What it will not show is that victims are paying the ransoms, and criminals are introducing more Ransomware-as-a-Service (RaaS) schemes as a result,” said Raj Samani, McAfee fellow and chief scientist.

According to the report, the REvil RaaS group is the most detected ransomware threat in Q1, followed by the Ryuk, RansomeXX, Thanos, NetWalker, MountLocker, Conti, WastedLocker, Babuk, and Maze ransomware strains.

“Criminals will always evolve their techniques to combine whatever tools enable them to best maximize their monetary gains with the minimum of complication and risk. We first saw them use ransomware to extract small payments from millions of individual victims. Today, we see Ransomware as a Service supporting many players in these illicit schemes holding organizations hostage and extorting massive sums for the criminals,” Samani added.