What about the main ransomware types reported?
It is unfortunately a reality that throughout the year 2020 ransomware has continued to be a threat that is difficult to deal with.
Indeed, ransomware remained a persistent threat in Q3 2020. We have witnessed new ransomware strains. The attackers spent many hours working on them before invading the target victim. So, new leak sites emerged during the third quarter of 2020.
Were companies the only ransomware victims?
It should be noted that even school networks became a ransomware target with the start of the new school year. In particular, it was common for attackers to wait for pupils to return to school before acting. This would make the impact of the attack more powerful and put time pressure on those responsible to deal with the problem. What is certain is that they had begun investigating the target, as well as breaching and encrypting records, days or even weeks before the start of the school year. Obviously, the risk of similar attacks was higher due to increased distance learning during the pandemic.
The third quarter of 2020 also recorded the first death related to a ransomware attack. Specifically, in September 2020 ransomware infected 30 servers of the University Hospital Düsseldorf in Germany. At the time, those responsible were forced to transfer emergency cases to other hospitals. One of the patients, who was in a very serious condition, was taken to a hospital 20 miles away. As a result, she died due to delays in her treatment.
Ransomware types with leading role
According to research by Emsisoft and ID Ransomware, the most frequently reported ransomware strains for the third quarter of 2020 were as follows:
STOP (Djvu): 69.90%
REvil / Sodinokibi: 3.30%
GlobeImposter 2.0: 0.90%
The investigation concerns approximately 120,000 ransomware incidents reported to the above companies between 1 July and 30 September 2020. It is worth mentioning that these are two companies that ransomware victims turn to. They identify the ransomware type that attacked the victim companies and provide them with a free decryptor, when possible.
According to the same survey, the 10 most commonly occurring strains, excluding STOP, for the third quarter of 2020, are:
REvil / Sodinokibi: 10.70%
GlobeImposter 2.0: 2.90%
Medusa Locker: 2.40%
Ransomware strain dispersion by country
The countries that received the most attacks for the same quarter and submitted requests to the above companies are the following:
South Korea: 8.10%
In conclusion, the STOP/DJVU strain was dominant in the reported attacks for the first nine months of 2020, accounting for 69.90% of encryption identification requests. It is a fact that it is the most prevalent type, as it has appeared with more than 160 variants. Similarly, in the second quarter it accounted for 71.7% of requests.
Comparing the second and third quarters of the year, we see no change in the 4 strains that have been reported most frequently (STOP, Phobos, Dharma and REvil / Sodinokibi).
However, Avaddon and Cryokl took the place of GoGoogle and Payment45 on the list of the 10 most frequently reported ransomware types. Moreover, with regard to country statistics, in the second quarter of 2020 the US underwent the biggest change with a 5.9% increase in requests. However, from 16.1% in the second quarter they fell to 8.1% in the third quarter.
Also, concerning the other countries, it is evident that Asian countries account for 76.2% of all ransomware identification requests in the third quarter. In other words, they are showing an increase compared to the second quarter of 60%. In particular, India ranks first with a slight increase of 0.1% in the third quarter.
Algeria, on the other hand, no longer appears in the third quarter, with Bangladesh showing up with 4.5%. That was the only new entry.