For Every Action, There Is an Equal and Opposite Reaction

Threat actors react to the actions of their targets as governments and law enforcement agencies seek to protect those targets.

From Q2 to Q3 2021, ransomware gained increasing attention. The government labeled it a national security threat and bolstered efforts to topple top targets, such as REvil/Sodinokibi. The heightened government focus on this group — known for the far-reaching supply chain attack against Kaseya — likely led to law enforcement action, the disappearance of the group’s spokesperson “Unkn”, the re-appearance of the developers, further enforcement action, and the group’s final shutdown.

Unfortunately, REvil/Sodinokibi was not the only highly active group this quarter. While REvil/Sodinokibi may have stolen major media headlines for its massive ransom demands and disappearing acts, Conti exploded onto the scene in Q3 2021 with a consistent cadence of attacks. Its lesser media attention did not stem from increasing ransom demands — those remained relatively steady — but rather from disgruntled affiliates leaking sensitive operation details, including the tactics, techniques, and procedures (TTPs) of Conti ransomware partners. And most recently, in mid-October, Conti released a statement accusing the United States of “bandit mugging” and comparing U.S. law enforcement’s efforts to target groups like REvil/Sodinokibi to U.S. military action in Afghanistan and Iraq.

In Q3 2021, threat actors also continued mass exploitation of vulnerabilities in systems, including those in Microsoft Exchange.
