Google has released a report taking a close look at the more than 80 million ransomware samples uploaded to its VirusTotal service across the last 18 months. Each day, approximately 150,000 ransomware samples were analysed by the free service after being submitted by wary computer users, and were shared with the security community to enhance its threat intelligence and improve anti-virus products.
The first Ransomware Activity Report from VirusTotal reveals that it received ransomware submissions from over 140 different countries around the world, and discovered at least 130 different ransomware families had been active since January 2020.
During deeper analysis of a smaller, curated and representative set of around one million double-checked ransomware samples, VirusTotal determined that the GandCrab ransomware-as-a-service operation tops the chart for the most common ransomware family by the number of samples delivered, thanks largely to a surge in activity in early 2020.
The report said: “GandCrab had an extraordinary peak in Q1 2020 which dramatically decreased afterwards. It is still active but at a different order of magnitude in terms of the number of fresh samples.”
In the runner-up position lies Babuk, which had a peak in submissions in July 2021. Babuk has often featured across our Neu Cyber Threats weekly bulletins this year, with the report stating:
“Another sizable peak occurred in July 2021, driven by the Babuk ransomware family. This ransomware operation launched at the beginning of 2021 and was behind many high-profile attacks.”
It is worth recognising that while the top 10 families account for the bulk of ransomware operations, there are still over 100 other ransomware groups that have carried out activity over the last year. That is a huge amount of illicit activity that can bring businesses crashing to the ground. The report mentioned that “there is a baseline of activity of around 100 not-so-popular ransomware families that never stops.”
What may surprise some people is the finding that ransomware typically doesn’t take advantage of exploits to breach an organisation’s defences. According to the report, only 5% of the submitted samples contained exploits.
The report stated: “This makes sense given that ransomware samples are usually deployed using social engineering and/or by droppers (small programmes designed to install malware). In terms of ransomware distribution, attackers don’t need exploits other than for privilege escalation and for malware spreading within internal networks.”
Neuways, as ever, advises that your employees are kept aware of the latest ransomware ruses that cyber criminals are using to infect and exploit businesses around the world. With hundreds of cyber criminal gangs bombarding businesses with phishing campaigns, it would take only one lapse of judgement for a threat group to enter your corporate network and encrypt your information.
Updating your IT systems with the latest security patches, as well as creating a strong culture of cyber security awareness within your business, can really help avoid a large headache.