Ransomware variants almost double in six months – FortiGuard

Ransomware variants have almost doubled in the past six months, with exploit trends demonstrating the endpoint remains a target as work-from-anywhere continues, according to the latest semiannual FortiGuard Labs Global Threat Landscape Report. 

“Cyber adversaries are advancing their playbooks to thwart defence and scale their criminal affiliate networks,” says Derek Manky, chief security strategist and VP global threat intelligence, FortiGuard Labs. 

“They are using aggressive execution strategies such as extortion or wiping data as well as focusing on reconnaissance tactics pre-attack to ensure better return on threat investment,” he says. 

“To combat advanced and sophisticated attacks, organisations need integrated security solutions that can ingest real-time threat intelligence, detect threat patterns, and correlate massive amounts of data to detect anomalies and automatically initiate a coordinated response across hybrid networks.”

Glenn Maiden, director of threat intelligence, Australia and New Zealand, Fortinet, adds, “The FortiGuard Labs Global Threat Landscape 1H 2022 report has found the number of ransomware variants has almost doubled over the previous six months while the volume of ransomware, which spiked in 2021, has remained steady.

“This means FortiGuard Labs has seen the same amount of ransomware attacks; however, there is double the diversity of ransomware variants,” he says.

One of the drivers for this increase in diversity is the popularity of Ransomware-as-a-Service (RaaS). RaaS can enable even a relatively unsophisticated criminal to execute a lucrative ransomware attack.

As organisations maintain remote and hybrid working models, cyber adversaries are focusing on concealing activity from endpoint security systems. Looking at the top tactics and techniques from the past six months of endpoint detection and response (EDR) telemetry, defence evasion is the top tactic employed by malware developers. Attackers are likely to use techniques like system binary proxy execution to hide malicious intentions.

Cyber affiliates are now much more sophisticated in selecting their targets. An attacker that conducts deeper pre-attack reconnaissance will lead…