Insights on ransomware attacks
Quote:

Insights on ransomware attacks

Our first “Ransomware in a global context” report offered an overview on how ransomware attacks evolved since 2020, highlighting GandCrab’s supremacy in 2020 and its rebranding as REvil with a different targeting. On the bright side, law enforcement agencies have been very active conducting dozens of operations in the last months, including the arrest of several REvil affiliates.

We wanted to reflect on this and other recurrent questions we received since the publication of our report with our colleague Vlad Stolyarov from Google’s Threat Analysis Group (TAG) to help provide some further insights into them. You can also find some of the answers and great additional content in our beloved Cloud Security Podcast by Anton Chuvakin and Tim Peacock, Episode 45 “VirusTotal Insights on Ransomware Business and Technology”.

Alright, let’s go check some of the most popular questions we received.
 
Can you provide more details on the geographical distribution of the samples? How is it possible the US is not the main target?

Well, North America remains the most targeted region by number of ransomware samples according to our visibility. 

What we show in the report is the difference between the normal average submission of samples from any given territory and ransomware submissions. We did our best to filter out automatic submissions or any other systems that could alter the real spreading, but obviously there can be exceptions. In the case of Israel, we believe the dramatic increase is a combination of being highly targeted by ransomware and several security companies or experts submitting to VirusTotal. 
 
Why was GandCrab the most popular family in 2020? Does it continue to be the biggest one by number of samples?

GandCrab was one of the most successful groups implementing the Ransomware-as-a-Service (RaaS) distribution model. Indeed, anyone could sign up on their portal to be an “affiliate”, getting a significant commission from each ransom payment made by victims. This made this actor very successful, which created a snowball effect where ransomware affiliates preferred GandCrab over other RaaS programs as branding matters in the ransomware business. Despite the fact that several versions of GandCrab had cryptographic flaws, with free decryptors available on the NoMoreRansom project website, it remained popular. That didn’t stop this actor making (as they claimed on forums) more than $150M in a year.
...