Ryuk

Over the past months, malware researchers tracking ransomware threats have found a sharp rise in these attacks compared to the first six months of 2020.

According to recently published data from Check Point and the IBM Security X-Force Incident Response team, Maze, Ryuk, and REvil (Sodinokibi) ransomware families are at the top of the list.

Between June and September, both organizations witnessed an increase in ransomware attacks at a global level, with some threats being more successful than others.

Healthcare sector targeted by these attacks

Data compiled by Check Point for the third quarter of the year reveals that Maze and Ryuk were the most popular families of ransomware, with the latter targeting an average of 20 businesses every week.

Ryuk increased its operations in July, according to a study from Check Point today, and concentrated mainly on healthcare organizations, which are still under heavy burden from the pandemic and cannot afford downtime for their systems.

The company says that in the third quarter of 2020, ransomware attacks increased by 50 percent at a global level and that Ryuk and Maze were the most prevalent threats. In the United States, in the third quarter, these attacks almost doubled, putting it high in the top five most affected countries in Q3:

  • U.S. (98.1% increase)
  • India (39.2% increase)
  • Sri Lanka (436% increase)
  • Russia (57.9% increase)
  • Turkey (32.5% increase)

IBM states that ransomware attacks “appeared to explode in June 2020,” based on data from incident response engagements, as they dealt with a third of all such events reported up to September.

The company announced in late September that Maze accounted for 12 percent of all the ransomware attacks investigated this year by its X-Force Incident Response team.

However, Sodinokibi (REvil), seen in 29 percent of the incidents they investigated in 2020, was the most common ransomware strain IBM’s task force encountered.

REvil claims more than 140 victims in wholesale, manufacturing, and professional services, most of them from the U.S., as per IBM's report. The firm reports that 36 percent of them paid the ransom.

IBM estimates that the REvil ransomware community netted a profit of at least $81 million this year with demands of between $1,500 and $42 million.

EKANS (Snake), responsible for 6 percent of the incidents, is the third most prevalent ransomware IBM saw in 2020; it can kill processes linked to industrial control system (ICS) activities.

Ransomware attacks have been so lucrative for cybercriminals that there is almost no possibility that this threat will disappear any time soon, especially with advanced tactics designed to force a ransom payment (stealing data and leaking or selling it on the dark web).

Continuous data backups stored offline are also a good practice that will ensure quicker recovery from such an attack, as are applying security patches in a timely manner and limiting or disabling remote access to the company's internal network.