At least 130 ransomware families were active in 2020 and in the first half of 2021, according to a recent data analysis from Google’s VirusTotal scanning service.
Analysis of more than 80 million potential ransomware-related samples submitted from 140 countries worldwide reveals that GandCrab has been the most active ransomware family hitting Windows systems since the beginning of 2020.
The analyzed samples were grouped by 30,000 clusters of malware, and GandCrab accounted for 6,000, followed by Cerber with nearly 5,000 clusters, and Congur, with roughly 2,500 clusters.
GandCrab remains the leader even when it comes to the number of different samples submitted to VirusTotal, accounting for 78.5% of them. Babuk, which emerged in early 2021 and was used in the attack on Washington DC Metropolitan Police Department, came in second with 7.61 percent of the submitted samples.
Cerber (with 3.11 percent of the samples), Matsnu (2.63 percent), and WannaCry (2.41 percent) rounded up top five. According to Google, WannaCry is likely present on the list because of “a remnant of an old detection that still applies to some current ransomware families,” and not due to a new wave of attacks.
[ Related: Understanding the Cryptocurrency-Ransomware Connection ]
Many of the big ransomware campaigns are short lived, but there’s a constant activity of roughly 100 ransomware families that continues at all times, according to the VirusTotal analysis.
Fresh samples are typically used for new campaigns, with botnets and remote access Trojans (RATs) used as delivery mechanisms. Attackers also use exploits for privilege escalation and for spreading their malware within internal networks.
The VirusTotal analysis also found that most ransomware continues to target Windows systems, as roughly 95 percent of the samples were Windows-based executables or dynamic link libraries (DLLs). Android ransomware accounted for 2 percent of the samples and Google also observed roughly 1 million EvilQuest ransomware samples targeting macOS machines.
In terms of geographical distribution, Israel appears to have been affected the most, with a 600 percent increase in sample submissions compared to the baseline, followed by South Korea and Vietnam, with approximately 150 percent each.
Related: Ransomware Risk Assessment Service Aims to Deflect Attacks
Related: Understanding the Cryptocurrency-Ransomware Connection