Analysing 80 Million Ransomware Files
One of the main challenges for defenders is understanding the whole picture, as we all have partial visibility. We used VirusTotal's unique position to analyse more than 80 million ransomware files to understand how this threat evolved in the last 2 years: what the main families are, what artifacts are used for distribution and which countries are most attacked. There are many lessons learned when analysing massive threat intelligence data. For instance, we tend to focus on the most widespread families, but there is a constant baseline of activity from around 100 not-so-popular ransomware families that never stops. Also, we discovered that the use of YARA rules was not as effective in detecting ransomware as it seems to be with other threats. We want to share this data and lessons learned to help everyone understand how to better protect against these threats.