VirusTotal has released its first ransomware activity report

Brother

GandCrab, Babuk and Cerber turned out to be the most active ransomware families.

At least 130 different ransomware families were active throughout 2020 and the first half of 2021, according to a VirusTotal report based on an analysis of more than 80 million ransomware samples uploaded to the service during that period.

The samples were most often uploaded from Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, the Philippines, Iran and Great Britain. As VirusTotal security engineer Vicente Diaz explained, a high number of submissions does not mean that these countries are the most attacked. For example, Israel's strong showing (the number of ransomware samples submitted from this country increased by 600%) may be due to the fact that “many companies [in the country] are automating downloads” to the service.

The list of the most active ransomware families was headed by GandCrab (78.5% of samples), mainly due to high activity in the period from January to July 2020 (in the second half of the year, the group's activity decreased significantly). Babuk (7.61%) was in second place, followed by Cerber (3.11%), Matsnu (2.63%), Wannacry (2.41%), Congur (1.52%), Locky (1.29%), Teslacrypt (1.12%), Rkor (1.11%) and Reveton (0.70%).

“Among the top 10 ransomware families, we see the presence of wannacry. Perhaps these are remnants of old detections that are still relevant to some of the current ransomware families. However, we do not believe this is indicative of a new wave of wannacry attacks,” the report says.

As for the most attacked systems, Windows leads this category: 95% of the detected samples were Windows executables or DLL libraries. The share of malware for Android was only 2.09%. In addition, in mid-2020 the EvilQuest malware attacking Apple Mac was detected.

The report also notes that approximately 5% of the analyzed samples were associated with exploits, mainly targeting privilege escalation or remote code execution vulnerabilities in Windows.

Almost all of the ten most active ransomware families used other malware such as Emotet, Zbot, Dridex, Gozi or Danabot, as well as lateral movement tools (Mimikatz and Cobalt Strike) and dozens of remote access Trojans (Phorpiex, Smokeloader, Nanocore, Ponystealer, etc.).

VirusTotal is a free service, owned by Google, that provides reputation and context information about threats to help analyze suspicious files, URLs, domains and IP addresses and identify cyber threats.