McAfee describe Q2 2021 as a “vibrant quarter for ransomware”.
The increasing prevalence of Ransomware.
McAfee Enterprise’s Advanced Threat Research Report: October 2021 has been released, providing a lot of data regarding cyber criminal activity in Q2 2021. The quarter saw new and updated threats used by cybercriminals in increased volume. In a statement announcing its findings, McAfee described Q2 as a “vibrant quarter for ransomware”.
The most targeted sectors for ransomware were government, telecoms, energy, and media & communications. The ransomware campaigns successfully extracted valuable data, and millions in ransoms from enterprises big and small.
The dispersion of workers thanks to COVID-19, and the shift this has placed on cloud security, has been pointed out by the report, as cybercriminals have been able to take advantage of potential exploits, and vulnerable targets. One such example would be employees accessing work systems from devices that have inferior security, and that are often used for personal use too.
Cybercriminal group DarkSide successfully shut down Colonial Pipeline, a major gas supply chain in the US, before REvil stole the spotlight with its attack on Kaseya, a global IT infrastructure provider. One of the most prevalent cybercriminal groups today, REvil were related to 73% of ransomware detections in Q2 2021.
A game of cat and mouse.
Cyber security providers are always trying to counter vulnerabilities found by cybercriminals. At the same time, cybercriminals are constantly poking at the defences, looking for weak points. It is unfortunate then that we must realise we are always vulnerable to attack, provided the attacker is skilled enough. Thankfully, attacks of this scale and level of skill make up for a relatively small percentage of all cyberattacks and are typically reserved for the biggest, global corporations.
Cyber security is still incredibly important for SME’s however, as there are still competent cybercriminals looking to attack fundamentally weak security systems. Your business likely has employee and customer personal information, which can be leaked and lead to further, more dangerous attacks. Businesses have a responsibility to safeguard the information of employees and customers, and if an attack is successful due to negligence and/or inferior security policies and systems, it is the business that is liable.
To help guard your organisation against cyberattacks, we recommend visiting The National Cyber Security Centre website◳. The NCSC is part of the UK Government focused on cyber security, and has excellent advice and learning resources. Furthermore, if you are unhappy with the level of security you currently have, we highly recommend getting in touch with us! We’ll look at your current system, perform a free risk assessment, and discuss how we can protect your business best.