Google has just released a new ransomware report, revealing that Israel was by far the country most affected by these attacks during this period. The tech giant hired cybersecurity company VirusTotal to conduct the analysis, which involved examining 80 million ransomware samples from 140 countries.
According to the report published by the company, Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, the Philippines, Iran and the United Kingdom were the ten most affected territories based on the number of submissions reviewed by VirusTotal. Israel was the hardest hit, with an increase of almost 600% over its baseline number of submissions. The report does not specify what the baseline number of submissions from Israel was during this period.
In the period since early 2020, ransomware activity peaked in the first two quarters of 2020. VirusTotal attributed this boom to the activity of the GandCrab group, which specializes in ransomware as a service. “GandCrab had an extraordinary peak in the first quarter of 2020 that decreased considerably thereafter. It is still active, but in a different order of magnitude in terms of the number of fresh samples,” says VirusTotal.
GandCrab, Babuk and Cerber
Another large increase was recorded in July 2021, driven by the Babuk ransomware gang, a ransomware operation launched in early 2021. A Babuk ransomware attack generally has three distinct phases: initial access, network spread, and action on the objectives. GandCrab has been the most active ransomware gang since early 2020, accounting for 78.5% of samples. GandCrab was followed by Babuk and Cerber, which accounted for 7.6% and 3.1% of the samples, respectively.
According to the report published by Google, 95% of the detected ransomware files were Windows executables or dynamic link libraries (DLLs), and 2% were Android-based. The document also reveals that exploits made up only a small portion of the samples – 5%. “We think this makes sense given that ransomware samples are usually implemented by social engineering and/or by droppers (small programs designed to install malware),” said VirusTotal.
“In terms of ransomware distribution, attackers do not seem to need exploits other than for privilege escalation and the spread of malware on internal networks.” After reviewing the samples, VirusTotal also said that there was a baseline of between 1,000 and 2,000 groups of ransomware that first appeared at any time during the analyzed period. “As large campaigns come and go, there is a constant baseline of ransomware activity that never stops,” the company says.