Why 'Old is Gold' for Ransomware?
Posted on 26th Apr, 2021 | By Sumeetha
Old is gold for ransomware. There are many reasons why we say this.
In our recently published Ransomware Spotlight report 2020, we tracked down vulnerabilities that are being used by ransomware to launch attacks on organizations worldwide. Here are a few surprising findings about old vulnerabilities in this report:
We identified 223 vulnerabilities that are associated with 125 ransomware families. Surprisingly, 96% (213) of these weaknesses are old vulnerabilities discovered before 2020*.
120 old vulnerabilities have been actively used by threat groups in the past decade to mount ransomware attacks. 87 of these vulnerabilities are trending during the period 2018 - 2020.
Vulnerabilities discovered between 2017 - 2019 are largely being targeted by threat groups.
The oldest vulnerability that is still being used to deploy ransomware attacks is CVE-2007-1036, an RCE vulnerability associated with the Crypsam (SamSam) ransomware.
32% of old vulnerabilities used by ransomware are of the Remote Code Execution (RCE) type and 6% are of the Privilege Escalation (PE) type.
42 ransomware families use only old vulnerabilities to target their victims. Here are the top 5 family names and the CVE IDs of these weaknesses
105 old vulnerabilities are being used by multiple ransomware families to launch ransomware attacks.
We also observed that CVSSv3 scores are not available for 112 CVEs since they were discovered before 2015. This means that organizations that rely only on CVSSv3 scores to decide which vulnerabilities to fix will miss these weaknesses and will fail to patch them.
Old vulnerabilities have long been a gateway for ransomware attacks, and the failure to patch them has resulted in data loss, reputational loss and privacy breaches for organizations around the world.
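The CVSSv3 blind spot described above, shown as an added example (not code from the report): a v3-only threshold filter next to a queue that falls back to CVSSv2 and to ransomware association. The record fields, the `ransomware_linked` flag, the placeholder CVE IDs and all scores are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Finding:
    cve_id: str
    cvss_v3: Optional[float]   # None when no v3 score was ever assigned
    cvss_v2: Optional[float]
    ransomware_linked: bool    # assumed field, e.g. from a threat-intel feed

# Constructed scanner output; IDs and scores are placeholders, not real CVE data.
FINDINGS = [
    Finding("CVE-EXAMPLE-0001", 9.8, 10.0, True),
    Finding("CVE-EXAMPLE-0002", None, 7.5, True),    # old CVE: v2 score only
    Finding("CVE-EXAMPLE-0003", None, 4.3, False),
    Finding("CVE-EXAMPLE-0004", 5.3, 5.0, False),
    Finding("CVE-EXAMPLE-0005", None, None, True),   # unscored but weaponized
    Finding("CVE-EXAMPLE-0006", None, None, False),  # unscored, no intel
]

def naive_queue(findings, threshold=7.0):
    """v3-only filter: a missing score silently behaves like 0.0."""
    return [f.cve_id for f in findings if (f.cvss_v3 or 0.0) >= threshold]

def hardened_queue(findings, threshold=7.0):
    """Return (patch_queue, manual_review).

    Ransomware-linked findings always enter the queue. The score is v3 if
    present, else v2 (a coarse fallback; the two scales differ). Unscored
    linked findings sort as worst case; unscored unlinked ones go to
    manual review instead of being dropped.
    """
    queue, review = [], []
    for f in findings:
        score = f.cvss_v3 if f.cvss_v3 is not None else f.cvss_v2
        if f.ransomware_linked or (score is not None and score >= threshold):
            rank = score if score is not None else 10.0
            queue.append((not f.ransomware_linked, -rank, f.cve_id))
        elif score is None:
            review.append(f.cve_id)
    return [cve for _, _, cve in sorted(queue)], review

def missed_by_naive(findings, threshold=7.0):
    """Findings the hardened queue patches but the v3-only filter drops."""
    naive = set(naive_queue(findings, threshold))
    return [c for c in hardened_queue(findings, threshold)[0] if c not in naive]

if __name__ == "__main__":
    print("v3-only:", naive_queue(FINDINGS))
    print("hardened:", hardened_queue(FINDINGS))
    print("missed by v3-only:", missed_by_naive(FINDINGS))
```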
*For the purpose of this report, we have tagged any vulnerability that was discovered in 2019 or in previous years as an old vulnerability.