As many as 130 different ransomware families have been found to be active in 2020 and the first half of 2021, with Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, Philippines, Iran, and the U.K. emerging as the most affected territories, a comprehensive analysis of 80 million ransomware-related samples has revealed.
Google’s cybersecurity arm VirusTotal attributed a major chunk of the activity to the GandCrab ransomware-as-a-service (RaaS) group (78.5%), followed by Babuk (7.61%), Cerber (3.11%), Matsnu (2.63%), Wannacry (2.41%), Congur (1.52%), Locky (1.29%), Teslacrypt (1.12%), Rkor (1.11%), and Reveon (0.70%).
“Attackers are using a range of approaches, including well-known botnet malware and other Remote Access Trojans (RATs) as vehicles to deliver their ransomware,” VirusTotal Threat Intelligence Strategist Vicente Diaz said. “Generally, they’re using fresh or new ransomware samples for their campaigns.”
Some of the other key points uncovered in the study are as follows:
- GandCrab accounted for most of the ransomware activity in the first two quarters of 2020, with the Babuk ransomware family driving a surge of infections in July 2021.
- 95% of ransomware files detected were Windows-based executables or dynamic link libraries (DLLs), while 2% were Android-based.
- Around 5% of the analyzed samples were associated with exploits related to Windows elevation of privileges, SMB information disclosures, and remote execution.
- Emotet, Zbot, Dridex, Gozi, and Danabot were the primary malware artifacts used to distribute ransomware.
The findings come in the wake of a relentless wave of ransomware attacks aimed at critical infrastructure, with cybercriminal gangs aggressively pursuing victims in critical sectors, including pipeline operators and healthcare facilities, even as the landscape has witnessed a continuous shift wherein ransomware groups evolve, splinter, and reorganize under new names, or fall off the radar to evade scrutiny.
If anything, the explosion of new malware families has drawn new actors into participating in these lucrative schemes, turning ransomware into a profitable criminal business model.
“While big campaigns come and go, there is a constant baseline of ransomware activity of approximately 100 ransomware families that never stops,” the report said. “In terms of ransomware distribution attackers don’t appear to need exploits other than for privilege escalation and for malware spreading within internal networks.”