Researchers noted a change in the ransomware landscape following the fall of GandCrab earlier this year. In roughly 18 months of activity, this particular piece of ransomware generated more than $2bn.
“The fall of GandCrab, which dominated the ransomware market with a share of over 50 percent, has left a power vacuum that various spinoffs are quickly filling. This fragmentation can only mean the ransomware market will become more powerful and more resilient against combined efforts by law enforcement and the cybersecurity industry to dismantle it,” wrote researchers.
A notable player stepping into the space left by GandCrab’s exit is Sodinokibi (aka REvil or Sodin), which has quickly gained popularity in recent ransomware campaigns, focusing on specific industry verticals.
To help educate businesses about the threat posed by ransomware, Sophos yesterday published a report titled “How Ransomware Attacks.” In addition to detailing how the threat has evolved over the past three decades, Sophos’ report also takes an in-depth look at the largest ransomware families and highlights the most common types of attacks.
Included in the report are the characteristics and file system activity of ten ransomware variations. Alongside classics such as WannaCry, Ryuk, and SamSam, the report delves into newer strains like RobbinHood, Sodinokibi, and LockerGoga.
While ransomware continues to wreak havoc, Bitdefender researchers identified coin-mining malware used in cryptojacking campaigns, exploits leveraging unpatched or previously unknown vulnerabilities and fileless attacks, and banking trojans as the top three threats facing businesses and consumers.
Underlining just how serious the consequences of cyber-attacks can be, the researchers found that the European Union economy could face up to €2.5bn in financial losses, should internet infrastructures be taken offline for a single hour by IoT botnets causing DDoS attacks. The losses for an eight-hour workday reach around €20bn.