Google Analyzed 80 Million Ransomware Samples: Here’s What You Need To Know

by | October 18, 2021 | Cybersecurity News

The tech giant commissioned cybersecurity firm VirusTotal to conduct a comprehensive analysis of a staggering 80 million ransomware samples. The new report uncovers some rather concerning statistics and figures.

Google Looked At 80 Million Ransomware Samples

Google has recently published a new ransomware report, revealing that Israel was by far the largest submitter of samples.

VirusTotal was the one to conduct the extensive analysis, which consisted of reviewing as many as 80 million ransomware samples from 140 countries.

The report [PDF] reveals that Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, the Philippines, Iran, and the UK were the 10 most affected territories based on the number of submissions reviewed by the cybersecurity firm.

Israel had the highest number of submissions, with an almost 600% increase from its baseline amount of submissions. However, the report did not disclose what that baseline amount was during that period.

A new ransomware report from Google analyzed 80 million ransomware samples.
Source: Google

Ransomware Activity On The Rise

Since the beginning of last year, ransomware activity peaked during Q1 and Q2, which researchers linked to activity conducted by the ransomware-as-a-service group GandCrab.

“GandCrab had an extraordinary peak in Q1 2020 which dramatically decreased afterwards. It is still active but at a different order of magnitude in terms of the number of fresh samples,” VirusTotal said.

Another significant peak occurred in July 2021 and was driven by the Babuk ransomware group. The ransomware operation started at the beginning of this year. Babuk’s ransomware attack approach usually follows three steps: Initial access, network propagation, and action on objectives.

GandCrab was the most active ransomware gang since the start of 2020, accounting for 78.5% of samples. GandCrab was followed by Babuk and Cerber, which accounted for 7.6% and 3.1% of samples, respectively.

Source: Google

95% Of Ransomware Samples Were Windows-based Executables

The report uncovers that almost all the ransomware samples analyzed (95%) were Windows-based executable files or DLLs (dynamic link libraries), and 2% were Android-based.

The analysis also showed that exploits accounted for only a tiny portion of the ransomware samples – 5%.

“We believe this makes sense given that ransomware samples are usually deployed using social engineering and/or by droppers (small programs designed to install malware),” VirusTotal researchers said.

“In terms of ransomware distribution, attackers don’t appear to need exploits other than for privilege escalation and for malware spreading within internal networks.”  

After examining the samples, the cybersecurity firm added that there was a baseline of between 1,000 and 2,000 first-seen ransomware clusters at all times throughout the analyzed period.

“While big campaigns come and go, there is a constant baseline of ransomware activity that never stops,” it said.

Protect Your Company From Ransomware With ATTACK Simulator’s Security Awareness Training

Most ransomware attacks have one thing in common: their infectious vector – phishing emails.

To prevent such nasty incidents from happening, implement security awareness training in your company.

Over one billion phishing emails are sent out each day, and many of them bypass security filters. Thus, you need to be able to rely on your employees to stay vigilant and spot phishing scams.

You can successfully defend your business partly by training your employees on cybersecurity matters and especially phishing attacks, and partly by adopting more rigorous security measures, such as implementing multi-factor authentication and user behavior analytics.

ATTACK Simulator’s Security Awareness Training program will help you equip your employees with the necessary security knowledge and up-to-date security practices to keep your company safe from scammers and avoid potentially irreparable damage.

Put your employees to the test with our free security awareness training trial and find out where you stand against a phishing attack!


ZDNet Google analysed 80 million ransomware samples: Here’s what it found

VirusTotal Ransomware In A Global Context


Photo by Pawel Czerwinski on Unsplash

by Diana Panduru

Content writer for Attack Simulator. Passionate about all things writing and cybersecurity, and obsessed with driving. I sometimes indulge in pencil drawing, poetry, and cooking for fun.

There’s no reason to postpone training your employees

Get a quote based on your organization’s needs and start building a strong cyber security infrastructure today.