The most prolific ransomware strain these days is Troldesh, aka Crysis, which claims hundreds of sub-variants, according to analysis from Bitdefender.
In its latest report, based on trends in its global network of more than 500 million sensors and honeypots, Bitdefender found that during 2017 alone, the number of new major ransomware families surpassed 160, with dozens or even hundreds of variations per family.
GlobeImposter, another extremely prolific ransomware family, competes head-to-head with Troldesh in the number of released sub-variants.
“The commercial malware ecosystem is intensely focused on developing and planting ransomware,” Bitdefender said. “Our stats show that one in six spam email messages comes bundled with some form of ransomware (link to drive-by download sites, attachments rigged with ransomware or even JavaScript/VBS downloaders for ransomware).”
Ransomware specifically aimed at companies has also emerged.
“Since the re-emergence this March of the Troldesh ransomware family, companies have faced extremely targeted attacks that abuse the Remote Desktop Protocol to connect to infrastructure, then manually infect computers,” the report noted. “Ransomware like Troldesh and GlobeImposter have lateral movement tools (such as Mimikatz) to infect the organization and log clean-up mechanisms to cover their tracks.”
There’s also a new wrinkle in the threat landscape: In the past few months, traditional threats, such as generic trojans, ransomware and spambots, have been massively complemented by data destructors. According to Bitdefender, this amounts to a “dramatic reshaping” of the scene.
The firm noted that much of this shift has been powered by military-grade code allegedly leaked from the NSA.
“Both WannaCry and GoldenEye wrought havoc throughout Q2 and Q3, shutting down businesses and causing unprecedented operating losses,” the report noted. “Novel lateral movement vectors have complemented zero-day exploits such as EternalBlue and EternalRomance to take over the enterprise space. Other significant trends in 2017 are the increased focus on freeware or open-source tools, stitched together by custom-built code to weaponize them to support the attacker’s agenda.”
To read the original article:
https://www.infosecurity-magazine.com/news/troldesh-nabs-top-ransomware-spot/