
Google Inspected 80 Million Ransomware Samples: Here's What They Found

According to the research, Israel has reported the most significant number of ransomware samples since 2020.

Published: October 19, 2021 By Ozair Malik


Ransomware operators do not only demand money; they also threaten to disclose sensitive or essential information when companies refuse to pay or contact law enforcement. Consider, for example, a healthcare organization.

The impact could be devastating - as evidenced by a recent report on ransomware attacks, which found that hospital intrusions led to delays in tests and procedures, longer hospital stays, and even deaths.

Concerning ransomware distribution, attackers do not appear to need exploits except for privilege escalation and for spreading malware within internal networks.

Hackers Can Damage your Personal Information


Tough to Stop Ransomware

One of the biggest challenges in stopping ransomware is the lack of complete visibility into how these attacks spread and evolve. Decision-makers are often left with only fragments and details that lack context.

Another major spike came in July 2021, driven by the Babuk ransomware group, an operation launched in early 2021. Babuk's attacks typically proceed in three distinct phases: initial access, network propagation, and action on objectives.

GandCrab has been the most active ransomware family since the beginning of 2020, accounting for 78.5% of samples. It was followed by Babuk and Cerber, which made up 7.6% and 3.1% of the samples, respectively.

According to the report, 95% of the ransomware files were Windows-based executables or dynamic link libraries (DLLs), and 2% were Android.

VirusTotal Ransomware Report

The first VirusTotal Ransomware Activity Report provides a complete overview of ransomware attacks by combining more than 80 million ransomware-related samples submitted over the last year and a half. The report is designed to help researchers, security practitioners, and the general public understand the nature of ransomware attacks, while enabling cyber experts to better analyze suspicious files, URLs, domains, and IP addresses.

Sharing details of how an attack unfolds is essential to anticipating its emergence and mitigating security threats worldwide. The report also found that exploits appear in only a small fraction of samples - 5%.

Of the 140 countries that submitted ransomware samples, Israel was the clear outlier, with the highest submission rate and an almost 600 percent increase in submissions compared to its original baseline. The report did not state Israel's baseline number of submissions. Israel was followed by South Korea, Vietnam, China, Singapore, India, Kazakhstan, the Philippines, Iran, and the UK as the most affected regions based on VirusTotal submissions.
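The headline figures above (family share, the Windows-versus-Android split, and per-country growth against a baseline) are aggregations over submission metadata. The Python below is an added example, not code from the article or from VirusTotal: the submission records, family labels, file-type strings and country codes are constructed, and the growth function returns None for a country with no baseline submissions rather than a percentage, since a "600% increase" cannot be computed without the base it is measured from.

```python
"""Aggregating ransomware submissions the way a VirusTotal-style report does.

Added example, not code from the article or from VirusTotal. The records
below are constructed, not real submissions.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Submission:
    family: str      # malware family assigned by the AV/clustering step
    file_type: str   # container type as a scanner would label it
    country: str     # ISO code of the submitting country
    period: str      # reporting half-year, e.g. "2020H1"


def _rows(country: str, period: str, *pairs) -> List[Submission]:
    """Build several Submission records for one country/period (constructed data)."""
    return [Submission(fam, ftype, country, period) for fam, ftype in pairs]


# Constructed sample set (25 records); counts are chosen to be easy to check by hand.
SAMPLES: List[Submission] = (
    _rows("IL", "2020H1", ("GandCrab", "Win32 EXE"), ("GandCrab", "Win32 EXE"))
    + _rows("IL", "2021H1", ("GandCrab", "Win32 EXE"), ("GandCrab", "Win32 EXE"),
            ("GandCrab", "Win32 DLL"), ("Babuk", "Win32 EXE"),
            ("Babuk", "Win32 DLL"), ("Cerber", "Android"))
    + _rows("KR", "2020H1", ("GandCrab", "Win32 EXE"), ("GandCrab", "Win32 EXE"),
            ("GandCrab", "Win32 DLL"), ("Cerber", "Win32 EXE"))
    + _rows("KR", "2021H1", ("GandCrab", "Win32 EXE"), ("GandCrab", "Win32 EXE"),
            ("GandCrab", "Win32 DLL"), ("GandCrab", "Win32 DLL"),
            ("Babuk", "Win32 EXE"), ("Locky", "Script"))
    + _rows("US", "2020H1", ("GandCrab", "Win32 EXE"), ("GandCrab", "Win32 DLL"))
    + _rows("VN", "2021H1", ("GandCrab", "Win32 EXE"), ("GandCrab", "Win32 EXE"),
            ("GandCrab", "Win32 DLL"), ("GandCrab", "Win32 DLL"), ("Babuk", "Win32 EXE"))
)

# File-type labels treated as "Windows executable or DLL" (assumed labels, not VirusTotal's).
WINDOWS_TYPES = {"Win32 EXE", "Win32 DLL", "Win64 EXE", "Win64 DLL"}


def _shares(counts: Counter) -> Dict[str, float]:
    """Turn raw counts into percentages of the total, largest first."""
    total = sum(counts.values())
    return {k: round(100.0 * v / total, 1) for k, v in counts.most_common()}


def family_share(samples: List[Submission]) -> Dict[str, float]:
    """Percent of samples per family, most active first (the '78.5% GandCrab' kind of figure)."""
    return _shares(Counter(s.family for s in samples))


def platform_share(samples: List[Submission]) -> Dict[str, float]:
    """Percent of samples that are Windows executables/DLLs, Android, or other."""
    def bucket(ftype: str) -> str:
        if ftype in WINDOWS_TYPES:
            return "Windows"
        if ftype == "Android":
            return "Android"
        return "Other"
    return _shares(Counter(bucket(s.file_type) for s in samples))


def submission_growth(samples: List[Submission], baseline: str,
                      current: str) -> Dict[str, Optional[float]]:
    """Percent change in submissions per country between two reporting periods.

    A country with zero baseline submissions gets None instead of a division
    by zero: a growth percentage is meaningless without the base it is measured from.
    """
    per_country = defaultdict(Counter)
    for s in samples:
        per_country[s.country][s.period] += 1
    growth: Dict[str, Optional[float]] = {}
    for country, periods in per_country.items():
        base, now = periods[baseline], periods[current]   # Counter returns 0 for missing keys
        growth[country] = None if base == 0 else round(100.0 * (now - base) / base, 1)
    return growth


def ranked_growth(samples: List[Submission], baseline: str, current: str) -> List[str]:
    """Countries with a defined growth figure, highest increase first."""
    g = submission_growth(samples, baseline, current)
    return sorted((c for c, v in g.items() if v is not None), key=lambda c: g[c], reverse=True)


if __name__ == "__main__":
    print(family_share(SAMPLES))
    print(platform_share(SAMPLES))
    print(submission_growth(SAMPLES, "2020H1", "2021H1"))
    print(ranked_growth(SAMPLES, "2020H1", "2021H1"))
```

Running the block as-is prints a family breakdown (GandCrab 72.0%, Babuk 16.0%, Cerber 8.0%, Locky 4.0%), a platform split (Windows 92.0%, Android 4.0%, Other 4.0%), and per-country growth in which VN comes out as None because it has no 2020H1 baseline; the ranking therefore lists only IL, KR and US.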

Google's Effort

Google saw a rise in ransomware activity in the first two quarters of 2020, mainly due to the ransomware-as-a-service group GandCrab (although its activity dropped sharply in the second half of the year). Another major spike occurred in July 2021, driven by the Babuk ransomware family - an operation launched in early 2021 that was behind the attack on the Washington DC Metro Police Department.

At least 130 ransomware families were active in 2020 and the first half of 2021 - grouped into 30,000 clusters of malware that looked and behaved the same way. With 6,000 clusters, GandCrab was the most active family - followed by Babuk, Cerber, Matsnu, Congur, Locky, Teslacrypt, Rkor, and Reveon.

We believe this makes sense, given that ransomware samples are usually deployed using social engineering and/or by droppers (small programs designed to install malware).

Microsoft

GandCrab had its highest activity in Q1 2020, which dropped significantly after that. It still operates, but at a different order of magnitude in terms of the number of new samples.

While these significant campaigns come and go, there is a constant baseline of ransomware activity from roughly 100 less prominent families. Attackers use various methods, including well-known botnet malware and other Remote Access Trojans (RATs), as vehicles for delivering their ransomware. In many cases, they use new or previously unseen ransomware samples in their campaigns.

Cyber Security Infrastructure

This comprehensive body of work provides essential insight into the growth of ransomware, its evolution, and its impact on organizations of all sizes. It gives businesses and governments the breadcrumbs they need to work harder at building cybersecurity into their infrastructure.

How Google Is Keeping Organizations Safe from Threats

Google's platforms and products are built to be secure by default and are designed to keep organizations safe from cyberattacks, including the growing threat of ransomware.

  • Chrome OS, Google's cloud-first platform, has never had a reported ransomware attack - ever - on any consumer, business, or education Chrome OS device. Built with security by design, Chrome OS blocks executables, which is where ransomware often hides. System files are stored in a read-only partition to ensure that applications or extensions cannot modify the OS.
    Additionally, Chrome OS's cloud-native design means that your data and files are backed up in the cloud and remain available in the event of an attack.
  • Google is committed to providing the most trusted cloud in the industry and has developed solutions that help companies adhere to the five pillars of NIST's Cybersecurity Framework - from identification to recovery. For example, Google's Cloud Asset Inventory helps businesses identify and monitor all of their assets in one place.
  • Chronicle, Google Cloud's threat detection platform, lets businesses detect and analyze threats quickly across infrastructure and applications, whether on Google Cloud or elsewhere. As email is at the heart of many ransomware attacks, Google's anti-spam and malware protection provides email controls, protects against unwanted attachments, and screens incoming email. With built-in expertise and additional solutions, Google also makes it even easier to respond to and recover from an incident.

Conclusion

With better information from crowdsourced intelligence platforms such as VirusTotal, decision-makers can ensure that a range of security solutions is implemented and that multi-layered security measures become standard for all organizations. It is the only way to keep our businesses, schools, hospitals, and governments safe from ransomware attacks.

Author: Ozair Malik

A passionate cyber security researcher and writer with a keen interest in digital forensics. A community worker running an insta blog to raise cybersecurity awareness among laymen.
