After an
extremely profitable 2020, there was little chance of threat actors taking their foot off the gas as we entered 2021.
In the first quarter of the year, tens of thousands of businesses, public entities and home users were hit by ransomware. Some of the most notable incidents included a Phoenix CryptoLocker attack on CNA Financial, one of the largest insurers in the U.S.; a Conti attack on Florida’s Broward County Public Schools, the sixth largest public school system in the U.S.; and a REvil attack on computer giant Acer, in which threat actors demanded the largest (publicly known) ransom to date – $50 million.
In Q1, we saw some rare legal action taken against ransomware actors. In January, a coordinated international law enforcement effort resulted in the indictment of a Canadian national associated with the NetWalker ransomware and the seizure of a dark web resource used by NetWalker affiliates to communicate with victims. Also in January, a collaborative effort between authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine led to the takedown of Emotet, an extremely prolific modular banking trojan that was often used to deliver ransomware.
We also observed some changes in the threat landscape as some bad actors retired and new groups emerged. Q1 marked the departure of FonixCrypter, a ransomware operation that had been moderately active since its inception in in mid-2020. The group released the FonixCrypter master decryption keys and a rudimentary decryption tool, along with an apology for their actions. We also saw the arrival of Babuk, a new ransomware variant laden with design flaws that could unintentionally
cause permanent data loss.
