VirusTotal Releases Ransomware Report Based on Analysis of 80 Million Samples

As lots of as 130 distinct ransomware families have been identified to be active in 2020 and the initially 50 percent of 2021, with Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, Philippines, Iran, and the U.K. emerging as the most influenced territories, a complete investigation of 80 million ransomware-linked samples has unveiled.

Google’s cybersecurity arm VirusTotal attributed a substantial chunk of the activity to the GandCrab ransomware-as-a-services (RaaS) team (78.5%), adopted by Babuk (7.61%), Cerber (3.11%), Matsnu (2.63%), Wannacry (2.41%), Congur (1.52%), Locky (1.29%), Teslacrypt (1.12%), Rkor (1.11%), and Reveon (.70%).

Automatic GitHub Backups

“Attackers are employing a assortment of ways, including well-acknowledged botnet malware and other Distant Entry Trojans (RATs) as cars to supply their ransomware,” VirusTotal Threat Intelligence Strategist Vicente Diaz claimed. “In most instances, they are using new or new ransomware samples for their campaigns.”

Some of the other crucial points uncovered in the study are as follows —

  • GandCrab accounted for most of the ransomware exercise in the 1st two quarters of 2020, with the Babuk ransomware relatives driving a surge of infections in July 2021.
  • 95% of ransomware files detected have been Home windows-based mostly executables or dynamic url libraries (DLLs), though 2% were being Android-primarily based.
  • All around 5% of the analyzed samples had been affiliated with exploits relevant to Windows elevation of privileges, SMB info disclosures, and remote execution.
  • Emotet, Zbot, Dridex, Gozi, and Danabot were the most important malware artifacts used to distribute ransomware.
Prevent Data Breaches

The findings appear in the wake of a relentless wave of ransomware attacks aimed at vital infrastructure, with cybercriminal gangs aggressively pursuing victims in significant sectors, which include pipeline operators and health care facilities, even as the landscape has witnessed a ongoing change whereby ransomware groups evolve, splinter, and reorganize less than new names, or tumble off the radar to evade scrutiny.

If just about anything, the explosion of new malware family members has drawn new actors into collaborating in these worthwhile techniques, turning ransomware into a lucrative prison company design.

“Even though significant campaigns occur and go, there is a continuous baseline of ransomware activity of close to 100 ransomware households that in no way stops,” the report claimed. “In conditions of ransomware distribution attackers really don’t show up to want exploits other than for privilege escalation and for malware spreading in interior networks.”

Fibo Quantum