Ransomware variants almost double in six months, says study

As ransomware threats continue to grow, the number of ransomware variants are also increasing manifold. A new research has detected that these variants have nearly doubled in the last six months. 

The report published by FortiGuard Labs, the research arm of cybersecurity firm Fortinet said that a total of 10,666 ransomware variants have been detected in the last six months, compared to 5,400 variants detected in the previous six months, with more variants enabled by Ransomware-as-a-Service (RaaS), a subscription-based model that enables users, also known as affiliates, to use ransomware tools to execute attacks. 

The report notes there has been a surge in Wiper malware designed to delete data in the wake of the war that broke out between Russia and Ukraine. Examples of recent Wiper attacks include CaddyWiper, a variant used to wipe data and partition information from drives on systems belonging to a limited number of Ukrainian organisations soon after the war began, and WhisperGate, a wiper that Microsoft discovered being used in attacks against Ukrainian entities in January 2022, it said.

Besides, work-from-anywhere endpoints also remain targets for cyber adversaries to gain access to corporate networks. Operational technology (OT), the physical part of devices that are often outdated and information technology (IT) environments are both attractive targets as cyber adversaries search for opportunities in the growing attack surface and IT-OT convergence, said the report.

“Cyber adversaries are scaling their criminal affiliate networks,” said Vishak Raman, Vice President of Sales, India, SAARC & Southeast Asia at Fortinet. He added that “they are using aggressive execution strategies such as extortion or wiping data.” 

In addition to variants of Wiper attacks and ransomware, the Fortinet report notes that 2022 is on pace to be another record year for zero-day vulnerabilities. In the first six months of the year, Fortinet discovered 72 of these types of vulnerabilities in products from numerous vendors.

Not just FortiGuard Lab, in March this year, the US Federal Bureau of Investigation (FBI) said that it has investigated more than 100 different variants of ransomware, many of which have been used in multiple ransomware campaigns.

In July this year, another cybersecurity research firm, SonicWall Capture Labs, had notified an 11% increase in global malware, a 77% spike in IoT malware, a 132% rise in encrypted threats and a geographically-driven shift in ransomware volume as geopolitical strife impacts cybercriminal activity.

Debasish Mukherjee, Vice President, Regional Sales APJ of SonicWall mentioned in the report that India's Malware hits are up 34% year-on-year (YoY), which are second highest globally after the US “organisations are increasingly becoming the targets of sophisticated threats which often outsmart even the most robust security defences,” he said.

According to Raman, “In order to combat advanced and sophisticated attacks, organisations need integrated security solutions that can ingest real-time threat intelligence, detect threat patterns, and correlate massive amounts of data to spot anomalies and automatically initiate a coordinated response across hybrid networks.”

While breaches in recent years have highlighted how critical a robust cybersecurity strategy is for organisations, the biggest challenge organisations face today is arguably the shortage of cybersecurity expertise available to combat these attacks, the reports said.

The only way to compensate for that shortage is to employ more automation. However, as per an earlier Fortinet report published in June 2022, a general lack of interoperability between cybersecurity platforms often makes it difficult to implement automation at scale. It said that an overwhelming 80% of businesses across the globe have experienced data breaches that could be attributed to a lack of adequate cyber security skills or awareness across their organisation.