Since 2020, at least 130 different ransomware families have been active

Google’s popular VirusTotal scanning service has published an interesting analysis of more than 80 million ransomware samples.

VirusTotal has published its first ransomware activity report based on the analysis of more than 80 million samples that have been uploaded from 140 countries worldwide. Since 2020, at least 130 different ransomware families have been active.


The countries with the highest number of submissions to VirusTotal were Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, the Philippines, Iran and the UK.

The analysis of the temporal distribution of ransomware-related submissions revealed a sequence of peaks in the first two quarters of 2020.

Most of the samples targeting Windows systems submitted to the scanning service since the beginning of 2020 belong to the GandCrab family.

The researchers grouped the samples into 30,000 clusters of malware, and GandCrab accounted for 6,000 clusters, followed by Cerber with approximately 5,000 clusters.

The following graph shows the top 10 families by number of different samples:

[Graph: top 10 ransomware families by number of different samples]

It is interesting to note that a relatively young threat like the Babuk ransomware, which appeared on the threat landscape in early 2021, ranked second with 7.61 percent of the submitted samples.

The analysis revealed that 95 percent of ransomware files detected were Windows-based executables or dynamic link libraries (DLLs), while only 2 percent were Android-based threats.

Experts also analyzed the use of artifacts in the kill chain associated with different families, dividing them into those components used to distribute ransomware and those used for lateral movement. The former group was led by Emotet and Zbot, the latter group by Mimikatz and Cobalt Strike.

Below are key findings of the report:

  • First, while big campaigns come and go, there is a constant baseline of ransomware activity that never stops.
  • Second, attackers are using a range of different approaches, including well-known botnet malware and other RATs.
  • Third, in terms of ransomware distribution, attackers don’t appear to need exploits other than for privilege escalation and for malware spreading within internal networks.
  • Finally, as noted earlier, Windows accounts for 95 percent of the ransomware targets, compared to 2 percent for Android.


Pierluigi Paganini


The post Since 2020, at least 130 different ransomware families have been active appeared first on Security Affairs.
