VirusTotal’s first Ransomware Activity Report: the stakes are getting higher
Israel tops the affected country list with a 600% increase in ransomware attacks over the past 18 months.
Google has commissioned VirusTotal to analyze more than 80 million ransomware samples from 140 countries uploaded to the malware scanning service since January 2020. The report, titled Ransomware in a Global Context [PDF], reveals how threat actors deployed ransomware tools against their targets in 2020 and the first half of 2021.
When it comes to the geographical distribution of ransomware attacks, Israel is the most significant outlier among the affected countries, with close to a 600% increase in the number of ransomware sample submissions to VirusTotal in the past year and a half. The rest of the top 10 consists of South Korea, Vietnam, China, Singapore, India, Kazakhstan, the Philippines, Iran and the UK.
While submissions of GandCrab ransomware samples skyrocketed in the first quarter of 2020, the latest peak in ransomware activity was observed in July 2021, with an unprecedented spread of the Babuk ransomware family, which was introduced at the start of 2021.
"GandCrab had an extraordinary peak in Q1 2020 which dramatically decreased afterwards. It is still active but at a different order of magnitude in terms of the number of fresh samples," states the report.
Accounting for a whopping 78.5% of scanned ransomware files, GandCrab was the top ransomware variant used by attackers in the past 18 months. GandCrab was followed by Babuk and Cerber, which accounted for 7.61% and 3.11% of submissions to VirusTotal, respectively.
“Having an extreme outlier such as GandCrab makes the rest of families almost invisible in the chart with the exception of the Babuk ransomware peak in July 2021,” said VirusTotal.
Perhaps unsurprisingly, the vast majority (95.28%) of ransomware files detected by VirusTotal were Windows-based executables or dynamic link libraries (DLLs), while 2.09% were Android-based.
In terms of distribution artifacts used by threat actors to spread ransomware, the now-defunct Emotet took the lion’s share of the blame, followed by Zbot and Dridex.
“Attackers are using a range of different approaches, including well-known botnet malware and other RATs,” notes VirusTotal.
Tips for an effective anti-ransomware strategy
Based on the findings of the report, VirusTotal provides the following recommendations for an effective anti-ransomware strategy: