cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

New report reveals ransomware variants have doubled in 6 months

FortiGuard has reported ransomware variants have almost doubled in the past six months, with exploit trends demonstrating the endpoint remains a target as hybrid work continues to become the norm.

user iconReporter
Mon, 22 Aug 2022
New report reveals ransomware variants have doubled in 6 months
expand image

According to the new FortiGuard Labs Global Threat Landscape Report, one of the main drivers for this increase in diversity is the popularity of ransomware-as-a-service (RaaS). RaaS is designed to be capable of enabling a relatively unsophisticated criminal to execute a lucrative ransomware attack.

As organisations maintain remote and hybrid working models, cyber adversaries are focused on concealing activity from endpoint security systems. Looking at the top tactics and techniques from the past six months of endpoint detection and response (EDR) telemetry, defence evasion is the top tactic employed by malware developers. Attackers are likely to use techniques like system binary proxy execution to hide malicious intentions.

Cyber affiliates are now much more sophisticated in selecting their targets. An attacker that conducts deeper pre-attack reconnaissance will lead to a campaign that is highly tailored to the victim and much more likely to succeed than a generic a "spray-and-pray model".


According to Derek Manky, chief security strategist and VP global threat intelligence at FortiGuard Labs, cyber adversaries are advancing their playbooks to thwart defence and scale their criminal affiliate networks.

"They are using aggressive execution strategies such as extortion or wiping data as well as focusing on reconnaissance tactics pre-attack to ensure better return on threat investment.

"To combat advanced and sophisticated attacks, organisations need integrated security solutions that can ingest real-time threat intelligence, detect threat patterns, and correlate massive amounts of data to detect anomalies and automatically initiate a coordinated response across hybrid networks," Manky said.

Preparation is the best way to mitigate the threat of cyber attack. The Australian Cyber Security Centre Essential Eight's advice to prevent, contain, and recover will be very effective, ensuring that even if a breach occurs, any impact is minimised and services can be effectively and quickly restored.

FortiGuard Labs Global Threat Landscape Report highlights the following:

  • The ransomware threat continues to adapt with more variants enabled by RaaS.
  • Work-from-anywhere endpoints remain targets for cyber adversaries to gain access to corporate networks.
  • Operational technology (OT) and information technology (IT) environments are both attractive targets as cyber adversaries search for opportunities in the growing attack surface and IT/OT convergence.
  • Destructive threat trends continue to evolve, as evidenced by the spread of wiper malware as part of adversary toolkits.
  • Cyber adversaries are embracing more reconnaissance and defence evasion techniques to increase precision and destructive weaponisation across the cyber attack chain.
  • Ransomware variant growth shows evolution of crime ecosystems.

Ransomware remains a top threat and cyber adversaries continue to invest significant resources into new attack techniques. In the past six months, FortiGuard Labs has seen a total of 10,666 ransomware variants, compared to just 5,400 in the previous six-month period. That is nearly 100 per cent growth in ransomware variants in half a year.

RaaS, with its popularity on the dark web, continues to fuel an industry of criminals forcing organisations to consider ransomware settlements. To protect against ransomware, organisations, regardless of industry or size, need a proactive approach according to FortiGuard researchers. Real-time visibility, protection, and remediation coupled with zero-trust network access and advanced endpoint detection and response are critical.

The FortiGuard Labs Global Threat Landscape 1H 2022 report has found the number of ransomware variants has almost doubled over the previous six months, Glenn Maiden, director of threat intelligence, Australia and New Zealand at Fortinet added, explaining the volume of ransomware, which spiked in 2021, has remained steady.

"This means FortiGuard Labs has seen the same amount of ransomware attacks; however, there is double the diversity of ransomware variants," Maiden said.

[Related: Xiaomi mobile payment vulnerability could facilitate forged transactions]

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.