As many as 130 different ransomware families have been found to be active in 2020 and the first half of 2021, with Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, Philippines, Iran, and the U.K. emerging as the most affected territories, a comprehensive analysis of 80 million ransomware-related samples has revealed.
Google’s cybersecurity arm VirusTotal attributed a significant chunk of the activity to the GandCrab ransomware-as-a-service (RaaS) group (78.5%), followed by Babuk (7.61%), Cerber (3.11%), Matsnu (2.63%), Wannacry (2.41%), Congur (1.52%), Locky (1.29%), Teslacrypt (1.12%), Rkor (1.11%), and Reveon (0.70%).
“Attackers are using a range of approaches, including well-known botnet malware and other Remote Access Trojans (RATs) as vehicles to deliver their ransomware,” VirusTotal Threat Intelligence Strategist Vicente Diaz said. “Normally, they’re using fresh or new ransomware samples for their campaigns.”
Some of the other key points uncovered in the study are as follows:
- GandCrab accounted for most of the ransomware activity in the first two quarters of 2020, with the Babuk ransomware family driving a surge of infections in July 2021.
- 95% of ransomware files detected were Windows-based executables or dynamic link libraries (DLLs), while 2% were Android-based.
- Around 5% of the analyzed samples were associated with exploits related to Windows elevation of privileges, SMB information disclosures, and remote execution.
- Emotet, Zbot, Dridex, Gozi, and Danabot were the primary malware artifacts used to distribute ransomware.
The findings come in the wake of a relentless wave of ransomware attacks aimed at critical infrastructure, with cybercriminal gangs aggressively pursuing victims in critical sectors, including pipeline operators and healthcare facilities, even as the landscape has witnessed a continuous shift wherein ransomware groups evolve, splinter, and reorganize under new names, or fall off the radar to evade scrutiny.
If anything, the explosion of new malware families has drawn new actors into participating in these lucrative schemes, turning ransomware into a profitable criminal business model.
“While large campaigns come and go, there’s a constant baseline of ransomware activity of roughly 100 ransomware families that never stops,” the report said. “In terms of ransomware distribution attackers do not seem to need exploits other than for privilege escalation and for malware spreading inside internal networks.”