As many as 130 different ransomware families were found to be active in 2020 and the first half of 2021, with Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, Philippines, Iran, and the U.K. emerging as the most affected territories, a comprehensive analysis of 80 million ransomware-related samples has revealed.
Google’s cybersecurity arm VirusTotal attributed a significant chunk of the activity to the GandCrab ransomware-as-a-service (RaaS) group (78.5%), followed by Babuk (7.61%), Cerber (3.11%), Matsnu (2.63%), Wannacry (2.41%), Congur (1.52%), Locky (1.29%), Teslacrypt (1.12%), Rkor (1.11%), and Reveon (0.70%).
“Attackers are using a range of approaches, including well-known botnet malware and other Remote Access Trojans (RATs) as vehicles to deliver their ransomware,” VirusTotal Threat Intelligence Strategist Vicente Diaz said. “Typically, they’re using fresh or new ransomware samples for their campaigns.”
Some of the other key points uncovered in the study are as follows:
- GandCrab accounted for most of the ransomware activity in the first two quarters of 2020, with the Babuk ransomware family driving a surge of infections in July 2021.
- 95% of ransomware files detected were Windows-based executables or dynamic link libraries (DLLs), while 2% were Android-based.
- Around 5% of the analyzed samples were associated with exploits related to Windows elevation of privileges, SMB information disclosures, and remote execution.
- Emotet, Zbot, Dridex, Gozi, and Danabot were the primary malware artifacts used to distribute ransomware.
The findings come in the wake of a relentless wave of ransomware attacks aimed at critical infrastructure, with cybercriminal gangs aggressively pursuing victims in critical sectors, including pipeline operators and healthcare facilities, even as the landscape has witnessed a continuous shift wherein ransomware groups evolve, splinter, and reorganize under new names, or fall off the radar to evade scrutiny.
If anything, the explosion of new malware families has drawn new actors into participating in these lucrative schemes, turning ransomware into a profitable criminal business model.
“While big campaigns come and go, there’s a constant baseline of ransomware activity of roughly 100 ransomware families that never stops,” the report said. “In terms of ransomware distribution attackers do not seem to need exploits other than for privilege escalation and for malware spreading within internal networks.”