WannaCry is the most common Android ransomware: Bitdefender

GUEST RESEARCH: Bitdefender released its September 2022 Threat Debrief analyzing the most popular malware and cyber attack techniques.

Some of the key findings include:

• Most popular ransomware strains: After analyzing the ransomware variants detected in August 2022, Bitdefender found 193 active ransomware families. The most common were:

◦ WannaCry (48% of detections) – this strain made headlines around the world when a campaign of the variant hit organizations around the world in 2017. It was especially notorious for exploiting Eternal Blue, an exploit developed by the NSA and stolen by a group called The Shadow Brokers shortly before the attack.

◦ GandCrab (16%) – a ransomware-as-a-service strain whose authors infamously claimed to have generated $2 billion in ransom payments before announcing their “retirement” at a cybercrime forum in 2019. Bitdefender released the world’s first decryption tool to help victims get their data back in February 2018 for free. Despite the author’s apparent retirement, the strain is still popular among attackers.

◦ Cerber (10%) – another ransomware-as-a-service strain where an attacker licenses the creators’ malware and shares the illegal profits with them. This species uses the double extortion method of both encrypting and exfiltrating victim’s data before threatening to release it publicly if the requirements are not met.

• Most Popular Android Trojans: Bitdefender Telemetry discovered several Trojans targeting the Android mobile operating system in August 2022. The most common strains were:

◦ Downloader.DN (41% of detections) – Repackaged applications from the Google App Store and bundled with aggressive adware. Some adware downloads other malware variants.

◦ SMSSend.AYE (23%) – Malware that attempts to register as the default SMS application the first time by asking the user for permission. If successful, it collects the user’s incoming and outgoing messages and forwards them to a command and control (C&C) server.

◦ Agent.AQQ (16%) – A dropper malware that hides a malicious, encrypted payload in an app. If it can bypass the phone’s security, it decrypts and loads the payload.

• Most Forged Domains: The study also revealed trends in homograph attacks, in which attackers abuse international domain names to create websites that look very similar to popular sites. The most common websites faked in August were:

◦ blockchain.com (29%)
◦ myetherwallet.com (15%)
◦ facebook.com (14%)

The full investigation is available here https://businessinsights.bitdefender.com/bitdefender-threat-debrief-september-2022.

GET READY FOR XCONF AUSTRALI 2022

Thoughtworks presents XConf Australia, back in person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Engage in a robust agenda of conversations as local opinion leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software, and drive innovation for responsible technology.

Find out how we at Thoughtworks make technology better together.

Tickets are available now and all proceeds will be donated to Indigitek, a non-profit organization that strives to create technology employment pathways for First Nations Peoples.

Click the button below to register and get your ticket to the Melbourne, Sydney or Brisbane event

GET YOUR TICKET!