Ransomware attacks decrease, operators started rebranding

Positive Technologies experts have analyzed the Q3 2021 cybersecurity threatscape and found a decrease in the number of unique cyberattacks. However, there’s been an increase in the share of attacks against individuals, and also a rise in attacks involving remote access malware.

ransomware attacks decrease

The number of attacks in Q3 decreased by 4.8% compared to the previous quarter—the first time since the end of 2018 that Positive Technologies has recorded a negative trend. The researchers believe one key reason for the change is the decrease in ransomware attacks and the fact that some major players have quit the stage. This is also why the share of attacks aimed at compromising corporate computers, servers, and network equipment has fallen, from 87% to 75%.

“This year we saw the peak of ransomware attacks in April when 120 attacks were recorded. There were 45 attacks in September, down 63% from the peak in April. The reason is that several large ransomware gangs stopped their operation, and law enforcement agencies started paying more attention to the problem of ransomware attacks (due to recent high-profile attacks),” said Ekaterina Kilyusheva, Head of Research and Analytics, Positive Technologies.

Researchers also noted a trend toward the rebranding of existing ransomware gangs: Some operators are rethinking their preference for the Ransomware as a Service (RaaS) scheme, which carries certain risks from unreliable partners.

Kilyusheva explains: In Q2, we predicted that one of the possible scenarios of ransomware transformation would be that groups abandon the RaaS model in its current form. It is much safer for ransomware operators to hire people who will deliver malware and search for vulnerabilities as permanent ‘employees.’ It will be safer for both parties, as more organized and efficient all-in-one forms of cooperation can be created. In Q3, we saw the first steps in this direction. An additional boost for this transformation is the development of the market of initial access.”

The research shows that although the share of malware attacks on organizations decreased by 22%, the attackers’ appetite for data also led to an increase in the use of remote access trojans. In attacks on organizations, this share grew from 17 to 36%, whereas in attacks against individuals, remote control trojans made up more than half of all used malware. In Q3 the share of attacks involving remote access trojans increased 2.5 times over Q1.

The analysis shows that in Q3, the share of attacks conducted by an APT group increased to five percent of the total number of attacks against users. This was likely due to numerous phishing and intelligence campaigns against employees of government agencies, industrial enterprises, and media workers.

Compared to the same period last year, the share of social engineering attacks against individuals increased from 67 to 83%. Moreover, criminals are constantly improving malicious techniques, for example, by tricking victims into calling fraudulent call centers. That’s what happened with the BazaCall malware and ransomware campaign. To not fall for the tricks of malicious actors, Positive Technologies advises organizations and users alike to adhere to general recommendations for ensuring corporate and personal cybersecurity.

Don't miss