Ransomware Activity Jumps Staggering 55,240% in Q2, Prompting More Damage

The second-quarter spike in ransomware activity is the highest Nuspire has ever witnessed.

Edward Gately, Senior News Editor

September 13, 2021

3 Min Read
Surprised Man with Smartphone

The second quarter saw a whopping 55,240% increase in ransomware activity, with attacks becoming more common and more damaging.

That’s according to MSSP Nuspire‘s 2021 Q2 Quarterly Threat Landscape Report. Sourced from 90 billion traffic logs, it outlines new cybercriminal activity and tactics, techniques and procedures (TTPs). It also includes additional insight from its threat intelligence partner, Recorded Future.

Josh Smith is a security analyst at Nuspire. He said his company has never before seen such an increase in ransomware activity.


Nuspire’s Josh Smith

“Ransomware-based threat actors are attacking organizations for financial gain,” he said. “They infiltrate a network, steal data, encrypt the network, then extort their victims into paying on threat of releasing the information to the public. If the information contains personal information like Social Security numbers, addresses and other personally identifiable information (PII), it can be especially damaging to clients/users of the victim organization.”

No Industry Is Safe

The spike in ransomware activity began just a few weeks before the DarkSide ransomware group carried out the Colonial Pipeline ransomware attack. The reason for the increase is unknown and it may not be related to Colonial Pipeline. But one can speculate that the increase could be from the same campaign with Colonial Pipeline.

“Really no industry is safe as the threat actors will attack pretty much anyone they can,” Smith said. “Some ransomware groups have stated they will avoid certain sectors such as health care and government in what is assumed is a way to help keep governmental action from coming down on them. Some actors have specifically targeted health care due to the nature of their work and the urgency involved with getting those networks back online.”

Additional findings from Nuspire’s report include:

  • Malware activity was up nearly 42%. Trojan activity, in particular the new JS/Valkyr family of trojans, continues to drive it.

  • Botnet activity was down 50% from the first quarter. This likely resulted from the removal of Emotet.

  • A 51% decrease in exploit activity from the first quarter. However, that’s starting to trend back up this quarter. There’s also a large increase in secure shell brute force activity that has not been seen before.

More Monitoring Needed

Organizations need to monitor their technology stacks for newly published vulnerabilities and patch as soon as possible, Smith said.

“Additionally, a lot of ransomware is initially deployed via phishing attachments, [so] ensuring users know how to recognize them [is important],” he said. “Using advanced endpoint protection that has heuristics and behavioral analysis goes beyond standard malware signatures and can identify ransomware activity and stop it. An MSSP can assist an organization by identifying threat actors targeting their industry vertical, and what tactics and techniques they most commonly use. Once identified, can MSSP can determine what gaps may exist within a cybersecurity plan at an organization and help remediate.”

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

Read more about:


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like