Google has released a report taking a close look at the more than 80 million ransomware samples uploaded to its VirusTotal service in the last year and a half.

Each day, approximately 150,000 ransomware samples were analysed by the free VirusTotal service after being submitted by suspicious computer users, and shared with the security community to enhance their threat intelligence and improve anti-virus products.

VirusTotal’s first Ransomware Activity Report reveals that it received ransomware submissions from 140 different countries around the world, and discovered at least 130 different ransomware families had been active since January 2020.

During deeper analysis of a smaller, curated and representative set of around one million double-checked ransomware samples, VirusTotal determined that the GandCrab ransomware-as-a-service operation tops the chart as the most commonly seen family of ransomware by number of samples delivered, thanks largely to a surge in activity in early 2020:

“GandCrab had an extraordinary peak in Q1 2020 which dramatically decreased afterwards. It is still active but at a different order of magnitude in terms of the number of fresh samples”

[Figure: Ransomware Samples]

In runner-up position lies Babuk, which had a peak in submissions in July 2021:

“Another sizable peak occurred in July 2021, driven by the Babuk ransomware family – a ransomware operation launched at the beginning of 2021 that was behind the attack on the Washington DC Metropolitan Police Department.”

Of course, it’s important to look beyond the biggest ransomware families which may grab the headlines. Beyond the top ten ransomware groups, VirusTotal reports that “there is a baseline of activity of around 100 not-so-popular ransomware families that never stops.”

But what may surprise some people is the finding that typically ransomware does not take advantage of exploits to breach an organisation’s defences. According to the report, only 5% of the samples …