A Google report that analysed more than 80 million ransomware samples submitted over the last year and a half has revealed that India is at the sixth place in the list of 140 countries most affected by ransomware. Israel was far and away an outlier, with the highest number of submissions and nearly a 600 per cent increase in the number of submissions compared to its baseline.
It was followed by South Korea, Vietnam, China, Singapore, India, Kazakhstan, Philippines, Iran, and the UK as the most affected top 10 territories, based on the number of submissions to VirusTotal.
Launched in June 2004, VirusTotal was acquired by Google in September 2012. The company's ownership switched in January 2018 to Chronicle Security, a cybersecurity company which is part of Google Cloud Platform (GCP).
"This report is designed to help researchers, security practitioners and the general public understand the nature of ransomware attacks while enabling cyber professionals to better analyse suspicious files, URLs, domains and IP addresses," said Vicente Diaz of VirusTotal in its first 'Ransomware Activity Report'.
Hackers aren't only demanding money today but also threatening to reveal sensitive or valuable information if companies don't pay up or if they contact law enforcement authorities.
"We saw peaks of ransomware activity in the first two quarters of 2020, primarily due to the ransomware-as-a-service group GandCrab (though its prevalence decreased dramatically in the second half of the year)," said Diaz.
At least 130 different ransomware families were active in 2020 and the first half of 2021 - grouped by 30,000 clusters of malware that looked and operated in a similar fashion.
According to the report, there is a constant baseline of ransomware activity of approximately 100 ransomware families that never stops.
Attackers are using a range of approaches, including well-known botnet malware and other Remote Access Trojans (RATs) as vehicles to deliver their ransomware.
"In most cases, they are using fresh or new ransomware samples for their campaigns," the report mentioned. It said that Google Chrome OS cloud-first platform has had no reported ransomware attacks - ever - on any business, education or consumer Chrome OS device.