Virus, malware, and URL online scanning service VirusTotal has published a report analyzing 80 million ransomware samples submitted over the last year and a half. The report sheds light on the geographical distribution of ransomware-related submissions across over 140 countries.
VirusTotal Ransomware Activity Report
According to the report, users from Israel submitted the most samples, a 600 percent increase to its baseline. India stood at sixth place in the list behind South Korea, Vietnam, China, and Singapore. Other countries with the most number of VirusTotal submissions include Kazakhstan, Philippines, Iran, and the UK.
“Attackers are using a range of approaches, including well-known botnet malware and other Remote Access Trojans (RATs) as vehicles to deliver their ransomware. In most cases, they are using fresh or new ransomware samples for their campaigns,” said VirusTotal’s Vicente Diaz.
You can check out the submission trends in the chart below:
The report highlights that 95 percent of ransomware files detected were Windows-based executables or dynamic link libraries (DLLs). In addition, almost five percent of the analyzed samples were associated with exploits, most commonly Windows elevation of privileges, SMB information disclosures, and remote execution. On the other hand, Android-based submissions accounted for just 2 percent of the submissions.
Top 10 Ransomware Based on Sample Submissions
Going by the report, ransomware activity peaked in the first two quarters of 2020 due to ransomware-as-a-service group GandCrab. The report also lists the widely-used ones based on the number of samples submitted to VirusTotal. You can take a look at the list below:
- Gandcrab (78.5%)
- Babuk (7.61%)
- Cerber (3.11%)
- Matsnu (2.63%)
- Wannacry (2.41%)
- Congur (1.52%)
- Locky (1.29%)
- Teslacrypt (1.12%)
- Rkor (1.11%)
- Reveon (0.70%)