Adding to cart…

There are no more items in your wishlist

Continue shopping

There are no more items in your cart

Continue shopping
 
blog

Most commonly reported ransomware strains of Q1 2021

Most commonly reported ransomware strains of Q1 2021


In the first quarter of the year, tens of thousands of businesses, public entities and home users were hit by ransomware. Some of the most notable incidents included a Phoenix CryptoLocker attack on CNA Financial, one of the largest insurers in the U.S.; a Conti attack on Florida’s Broward County Public Schools, the sixth largest public school system in the U.S.; and a REvil attack on computer giant Acer, in which threat actors demanded the largest (publicly known) ransom to date – $50 million.


The following chart shows the 10 most commonly reported strains of Q1, which collectively made up 80.90% of all submissions this quarter. A ransomware family known as STOP/Djvu was by far the most common strain, accounting for 51.4% of all submissions.

  1. STOP (Djvu): 51.40%
  2. Phobos: 6.60%
  3. Darma: 5.10%
  4. Makop: 4.70%
  5. REvil / Sodinokibi: 4.60%
  6. Magniber: 2.80%
  7. LockBit: 1.50%
  8. GlobeImposter 2.0: 1.50%
  9. Cryakl: 1.40%
  10. Mars: 1.30%

Most commonly reported ransomware strains of Q1 2021 (STOP excluded)

The following chart shows the 10 most commonly reported strains of Q1 with STOP submissions excluded.

  1. Phobos: 13.60%
  2. Darma: 10.60%
  3. Makop: 9.70%
  4. REvil / Sodinokibi: 9.50%
  5. Magniber: 5.80%
  6. LockBit: 3.20%
  7. GlobeImposter 2.0: 3.00%
  8. Cryakl: 2.80%
  9. Mars: 2.60%
  10. Zeppelin: 2.40%

Most ransomware submissions by country

The following chart shows the 10 countries that accounted for the most ransomware submissions, with STOP submissions included. These 10 countries made up 58.10% percent of all global submissions this quarter.

  1. India: 12.50%
  2. Indonesia: 9.90%
  3. South Korea: 8.90%
  4. Pakistan: 8.00%
  5. US: 4.70%
  6. Egypt: 3.80%
  7. Brazil: 3.40%
  8. Italy: 2.50%
  9. Spain: 2.20%
  10. Turkey: 2.20%

STOP/Djvu, consistently the most submitted ransomware strain in 2020, was the most common ransomware this quarter, accounting for 51.40% of all submissions. Unlike many other ransomware variants, which tend to target high-value organizations, STOP primarily impacts home users and typically spreads through cracked software, key generators and activators. With STOP submissions excluded, we can see a much more balanced distribution of submissions, particularly among the four most common ransomware strains: Phobos, Darma, Makob and REvil.

Geographically, just 10 nations accounted for almost 6 in 10 of all global ransomware submissions this quarter. Submissions were heavily skewed toward Asia, with Asian nations accounting for 41.5% of submissions. India, consistently the leading ransomware submitter throughout 2020, again claimed the top spot in Q1 of 2021.

Source: https://blog.emsisoft.com/en/3...

Category:
Share: