VirusTotal Shares Data on Ransomware Activity

Published: 23/11/2024   Category: security




Google's online malware scanning service analyzed 80 million ransomware samples that were uploaded in the past year-and-a-half.



Attackers employed around 130 ransomware families in 2020 and the first half of 2021, with the GandCrab variant the most active, according to newly released data from VirusTotal's first-ever ransomware report.
VirusTotal, which is part of Google, studied some 80 million ransomware samples that had been uploaded to the online malware scanning platform over the past year-and-a-half. Next in line for the most active ransomware families were Babuk, Cerber, Matsnu, Congur, Locky, Teslacrypt, Rkor, and Reveon, according to Google's VirusTotal report findings.
Some 140 countries submitted samples, led by Israel and then South Korea, Vietnam, China, Singapore, India, Kazakhstan, Philippines, Iran, and the UK.
Ransomware attacks have become a big priority in the US government lately as many high-profile companies (think: Colonial Pipeline) and healthcare organizations have been hit and suffered major operational disruption. Most recently, the US Department of Justice (DoJ) launched the National Cryptocurrency Enforcement Team to crack down on the illegal use of cryptocurrency, the anonymous payment conduit of choice by ransomware operators. It also announced the Civil Cyber-Fraud Initiative to ensure government contractors disclose their cybersecurity protocols and cyberattacks in order to protect agencies from supply chain-related cyberattacks.
Ransomware-as-a-Service
"We saw peaks of ransomware activity in the first two quarters of 2020, primarily due to the ransomware-as-a-service group GandCrab (though its prevalence decreased dramatically in the second half of the year)," said Vicente Diaz, threat intel strategist at Google's VirusTotal, in a blog post. Another sizable peak occurred in July 2021, driven by the Babuk ransomware family – a ransomware operation launched at the beginning of 2021 that was behind the attack on the Washington DC Metropolitan Police Department.
Diaz noted that large ransomware campaigns come and go, but some 100 ransomware families constantly circulate in the wild. Attackers use botnets and remote access Trojans (RATs) to transport ransomware, often with new samples of ransomware. 
