Story image

What Google learned from analysing 80 million ransomware samples

By Shannon Williams, Fri 15 Oct 2021

Leaders at organisations across the globe are witnessing the alarming rise of ransomware threats with the sobering thought that an attack on their business may be not a matter of if, but when. 

That's according to new research from Google, after the tech giant analysed more than 80 million ransomware samples as part of its Ransomware Activity Report.

"The stakes are becoming higher," Google says. "Now, hackers are not just demanding money, they are threatening to reveal sensitive or valuable information if companies do not pay up or if they contact law enforcement authorities."

One of the main challenges to stopping ransomware attacks is the lack of comprehensive visibility into how these attacks spread and evolve. Leaders are often left with bits and pieces of information that don’t add up.

Some 140 countries submitted ransomware samples to the Ransomware Activity Report, which is designed to help security practitioners and the public understand the nature of ransomware attacks while enabling cyber professionals to better analyse suspicious files, URLs, domains and IP addresses.

Of those, Singapore is listed as Top 5 most affected territories based on the number of submissions to VirusTotal.

Attackers are using a range of approaches, including well-known botnet malware and other Remote Access Trojans (RATs) as vehicles to deliver their ransomware. In most cases, they are using fresh or new ransomware samples for their campaigns.

"How are we at Google keeping your business safe from this threat? Our robust platforms and products have to be secure by default, and have been designed to keep businesses protected from cybersecurity attacks and the growing threat of ransomware," the company says. 

Here are some ways it is doing this:

  • Developed with built-in and proactive security, Google's Chrome OS cloud-first platform blocks executables that ransomware often hides in, and system files are kept in a read-only partition ensuring the OS cannot be modified by apps or extensions.
  • Google says it is committed to offering the industry's most trusted cloud, and have developed solutions that help companies adhere to the five pillars of NISTs Cybersecurity Framework - from identification to recovery.
  • Google's Cloud Asset Inventory helps businesses identify and monitor all their assets in one place, allowing for quick detection and full visibility.
  • With email at the heart of many ransomware attacks, Gmail's advanced phishing and malware protection provides controls to quarantine emails, defends against anomalous attachment types and protects from inbound spoofing emails.
  • Google Cloud's threat detection platform, Chronicle, allows businesses to find and analyse threats faster within their infrastructure and applications, whether that's on Google Cloud or anywhere else.
Recent stories
More stories