Threat Trend Report on Ransomware – Statistics and Major Issues in June 2024
Objectives and Scope
This report provides statistics on the number of new ransomware samples, targeted systems, and targeted businesses in June 2024, as well as notable ransomware issues in Korea and other countries. Other major issues and statistics for ransomware that are not mentioned in the report can be found by searching for the following keywords or via the Statistics menu at AhnLab Threat Intelligence Platform (hereinafter “ATIP”).
l Ransomware
l Malware by Types
Disclaimer: The number of ransomware samples and targeted systems are based on the detection names designated by AhnLab, and the statistics on targeted businesses are based on the time the information on the ransomware group’s dedicated leak sites (DLS, identical to ransomware PR sites or PR pages) was collected by the ATIP infrastructure.
Key Statistics
1. Data Sources and Collection Methods
ATIP uses AhnLab Smart Defense (ASD) to monitor and analyze the following ransomware information.
- List of malicious files and behaviors detected and collected by AhnLab Smart Defense (ASD)
- List of targeted businesses posted on ransomware groups’ DLS
The number of new ransomware samples and statistics on targeted systems were calculated based on the detection names designated by AhnLab. They were also limited to cases where the detected files and behaviors were diagnosed under the category of “Ransomware/” or “Ransom/”.
- Ransomware/Win.Magniber: Example file detection name
- Ransom/MDP.Magniber: Example behavior detection name
The detection names acquired at the time of detection may not allow for the identification of ransomware types (e.g. Generic, Agent, Edit, Decoy, and others), and some cases may be excluded from the ransomware statistics or be counted as a different ransomware type due to changed detection names after detection or a failed detection.
The statistics on targeted businesses are the values that have been organized based on the data accumulated through regular monitoring of ransomware groups’ DLS, where the groups reveal the targeted businesses. If the DLS page was inaccessible or the collection happened late, then the data may have been excluded from the statistics or have been considered to be collected at a time different from the exact date the victim was revealed.
Therefore, this report should be used as a reference to check the general trends of ransomware samples and targeted systems and to see which ransomware groups are actively engaged in attacks through the statistics on targeted businesses to gain a general understanding of trends.
2. Overall Ransomware Statistics
The total number of new ransomware samples collected during the past six months is as follows.
Figure 1. Number of new ransomware samples
The number of new samples decreased by a small amount in June. This is due to the large decrease in Stop ransomware (files created in 2019) samples which ranked 1st in May. Other malware with new samples in June will be discussed in more detail in the section “3. New Samples by Ransomware.”
The table below shows the total numbers after removing duplicate data of ransomware files used in targeted systems and infection. (The term “targeted systems” was used for your convenience, yet it should be understood as systems where ransomware files and behaviors were detected or systems that were exposed to infections.)
Figure 2. Systems and files affected by ransomware
Infection attempts involving Magniber ransomware showed a constantly high rate even in 2024. In May, the number of systems infected by Magniber was 56 on average per day and in June thefigure was almost similar, at 55 per day. For specific values, refer to “Figure 7. Daily number of targeted systems by ransomware (June 2024).”
The total number of ransomware behavior detection (Multi-Dimensional Prevention)-based targeted systems and blocked report cases are as follows. Behavior detection system statistics were not too different from those of last month either. As for Magniber, there were no variants or redistributions of files.
Figure 3. Affected systems where ransomware behavior was detected and reports
3) New Samples by Ransomware
Below are the statistics showing the 819 new samples that were discovered in June, organized by ransomware types. Only 20 ransomware with the most samples are shown.
Figure 4. Number of new samples per ransomware (June 2024)
The number of new samples collected in June decreased slightly in comparison to May. This is due to Stop ransomware samples (files created in 2019) which ranked 1st in May (503 samples) decreasing to 47 in June. GandCrab samples which ranked 1st in June were all files created in February 2018 with no variants or resumption of distribution.
