Google Evaluated 80 million Ransomware Samples, Here's What It Discovered

A recent ransomware report from Google shows that Israel was by far the greatest contributor of samples during the period studied.

The research was carried out by cybersecurity firm VirusTotal and involved examining 80 million ransomware samples from 140 nations.

Based on the number of submissions examined by VirusTotal, Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, the Philippines, Iran, and the United Kingdom were the ten most impacted regions.

Israel had the most submissions, with a near-600 percent increase over its previous total. Israel’s baseline number of submissions over that period was not stated in the study.

Ransomware activity peaked in the first two quarters of 2020. According to VirusTotal, this was due to activity by GandCrab, a ransomware-as-a-service group.

VirusTotal said that GandCrab saw a meteoric rise in Q1 2020, followed by a steep drop. It is still operational, but in terms of the number of fresh samples it is on a different scale.

Another significant surge occurred in July 2021, fueled by the Babuk ransomware gang’s ransomware campaign that started in January 2021. Initial access, network spread, and acting on objectives are the three phases of Babuk’s ransomware attack.

Since the beginning of 2020, GandCrab has been the most active ransomware group, accounting for 78.5 percent of all samples. Babuk and Cerber came in second and third, with 7.6 percent and 3.1 percent of samples, respectively.

According to the study, 95 percent of the ransomware files discovered were Windows executables or dynamic link libraries (DLLs), with only 2 percent being Android-based. The research also found that exploits made up a tiny percentage of the samples (5 percent).

VirusTotal feels this makes sense considering that ransomware samples are typically distributed via social engineering and/or droppers (small applications meant to install malware).

Apart from privilege escalation and virus propagation within internal networks, attackers don’t appear to need vulnerabilities to distribute ransomware.

VirusTotal also said there was a baseline of between 1,000 and 2,000 first-seen ransomware clusters at all times during the examined timeframe.

About the author

CIM Team
