
Analysis of 80 million ransomware samples reveals a world under attack

Google has released a report taking a close look at the more than 80 million ransomware samples uploaded to its VirusTotal service in the last year and a half.

Each day, approximately 150,000 ransomware samples were analysed by the free VirusTotal service after being submitted by computer users who suspected a file was malicious, and the results were shared with the security community to enhance threat intelligence and improve anti-virus products.

VirusTotal’s first Ransomware Activity Report reveals that it received ransomware submissions from 140 different countries around the world, and discovered at least 130 different ransomware families had been active since January 2020.

During deeper analysis of a smaller, curated and representative set of around one million double-checked ransomware samples, VirusTotal determined that the GandCrab ransomware-as-a-service operation tops the chart as the most commonly seen ransomware family by number of samples delivered, thanks largely to a surge in activity in early 2020:

“GandCrab had an extraordinary peak in Q1 2020 which dramatically decreased afterwards. It is still active but at a different order of magnitude in terms of the number of fresh samples.”

[Figure: Ransomware Samples]

In second place is Babuk, whose submissions peaked in July 2021:

“Another sizable peak occurred in July 2021, driven by the Babuk ransomware family – a ransomware operation launched at the beginning of 2021 that was behind the attack on the Washington DC Metropolitan Police Department.”

Of course, it’s important to look beyond the biggest ransomware families which may grab the headlines. Beyond the top ten ransomware groups, VirusTotal reports that “there is a baseline of activity of around 100 not-so-popular ransomware families that never stops.”

But what may surprise some people is the finding that typically ransomware does not take advantage of exploits to breach an organisation’s defences. According to the report, only 5% of the samples examined contained exploits.

“We believe this makes sense given that ransomware samples are usually deployed using social engineering and/or by droppers (small programs designed to install malware). In terms of ransomware distribution attackers don’t appear to need exploits other than for privilege escalation and for malware spreading within internal networks.”

Regardless, organisations would be wise not to be lax about keeping their IT systems patched against the latest vulnerabilities.

In addition, Tripwire recommends that companies raise awareness of the threat amongst their staff, and take measures to harden the security of their business against ransomware attacks.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

Posted on 2021-10-14 | Author: Blog | Categories: Fity Feeds
