Surge in Q2 ransomware attacks highlighted by REvil and DarkSide, according to a recent report

Businesses in the public sector experienced a rise in ransomware attacks, while financial service providers faced a spike in cloud-based threats, states McAfee Enterprise's study.

Ransomware attacks by REvil and DarkSide saw a significant rise in the second quarter, according to a recent report.

In a recent blog post, Raj Samani, chief scientist at McAfee Enterprise, highlighted a concerning trend in the financial services sector. According to the report released by McAfee, the financial services sector saw the most activity in terms of cloud threats, accounting for 50% of the top 10 cloud incidents.

The report further indicates that financial services were not the only sector under attack. Telecom, energy, and media and communications were the next most targeted sectors, followed by a 60% increase in attacks against the entertainment business and a 64% growth in reported incidents against the public sector.

One of the notable incidents mentioned in the report is the attack against a farm cooperative in Iowa during late September. This attack was linked to the emergence of BlackMatter, a ransomware group that surfaced in July. McAfee Enterprise officials believe the emergence of BlackMatter was more than a coincidence, suggesting a possible connection.

The report also sheds light on the activities of other notorious ransomware families. For instance, REvil/Sodinokibi was responsible for 73% of ransomware detections during the second quarter. This group was linked to ransomware attacks on JBS USA and Kaseya, among others.

An updated version of the LockBit ransomware, LockBit 2.0, has also been noted by researchers. This variant accesses systems using the remote desktop protocol and automatically encrypts data across the domain in preparation for exfiltrating information.

In a positive development, two of the top underground forums, XSS and Exploit, have announced bans on accepting ransomware advertising.

The U.S. Department of Justice retrieved approximately $2.3 million of the $4.4 million ransom paid by Colonial Pipeline to DarkSide, the group linked to the attack on the pipeline in early May.

Federal officials have recently warned of threats against agricultural and food industry targets, adding another layer of concern to an already challenging situation. As the threat landscape continues to evolve, it is essential for organisations across all sectors to stay vigilant and take necessary measures to protect their systems and data.
