UPDATED 08:00 EDT / JANUARY 26 2022

SECURITY

Ivanti report finds 32 new ransomware families appeared in 2021

A new report has found that 32 new ransomware families appeared in 2021, bringing the total to 157, a 26% increase over the previous year.

The “Ransomware Spotlight Year End Report,” released today, comes from Ivanti Inc. It was conducted with Cyber Security Works Pvt. Ltd. and Cyware Labs Inc., based on data analysis of ransomware attacks throughout 2021. It’s well-known that ransomware attacks increased in 2021, but where this report becomes interesting is in its description of how they operate.

The report found that ransomware groups are continuing to target unpatched vulnerabilities and weaponize so-called zero-day or newly discovered vulnerabilities in record time to instigate crippling attacks. At the same time, they’re broadening their attack spheres and finding newer ways to compromise organizational networks and trigger high-impact assaults.

Unpatched vulnerabilities remain the most prominent attack vectors exploited by ransomware groups. The report details 65 new vulnerabilities tied to ransomware last year, representing a 29% growth compared to 2020, bringing the total number of vulnerabilities associated with ransomware to 288.

Some 37% of these newly added vulnerabilities were actively trending on the dark web, a shady corner of the internet for illicit activities, and repeatedly exploited. In addition, 56% of the 223 older vulnerabilities identified before 2021 continued to be actively exploited by ransomware groups. Perhaps stating the obvious, the report notes that organizations need to prioritize and patch the weaponized vulnerabilities that ransomware groups are targeting – whether they are newly identified or older vulnerabilities.

Not surprisingly, ransomware groups were found to leverage zero-day vulnerabilities before they were disclosed and patches released. Notable in 2021 were QNAP (CVE-2021-28799), Sonic Wall (CVE-2021-20016), Kaseya (CVE-2021-30116) and, most recently Apache Log4j (CVE-2021-44228) vulnerabilities. All were exploited before they made it to the National Vulnerability Database.

The report states that these dangerous trends highlight the need for agility for vendors to disclose vulnerabilities and release patches based on priority. It further signals that organizations need to look beyond the NVD and keep an eye out for vulnerability trends, exploitation instances, vendor advisories and alerts from security agencies while prioritizing the vulnerabilities to patch.

Ransomware groups were also found to be increasingly targeting supply chain networks to inflict significant damage and cause widespread chaos. The report explains that a single supply chain compromise can open multiple avenues for threat actors to hijack complete system distributions across hundreds of victim networks. In 2021, threat actors compromised supply chain networks via third-party applications, vendor-specific products and open-source libraries.

Although it’s not new, ransomware-as-a-service continued to grow in 2021, but the report does note the emergence of “exploit-as-a-service” solutions that allow threat actors to rent zero-day exploits from developers. Additionally, what’s described as “dropper-as-a-service” emerged in 2021. It’s a service that allows “newbie” threat actors to distribute malware through programs that can execute a malicious payload onto a victim’s computer.

Looking ahead, the report warns that with 157 ransomware families exploiting 288 vulnerabilities, ransomware groups are poised to wage rampant attacks in the coming years.

“Ransomware groups are becoming more sophisticated, and their attacks more impactful,” Srinivas Mukkamala, senior vice president of security products at Ivanti, said in a statement. “These threat actors are increasingly leveraging automated tool kits to exploit vulnerabilities and penetrate deeper into compromised networks.”

Mukkamala added that ransomware groups “are also expanding their targets and waging more attacks on critical sectors, disrupting daily lives and causing unprecedented damage.”

Image: Pixabay

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU