Ransomware Q3 Index Report: Steady Increase in Vulnerabilities and New Ransomware Families

Posted on Nov 9, 2021 | By Sumeetha Manikandan

Albuquerque: The Ransomware Q3 Index Update, which spotlights metrics that are important to ransomware research, will be published on Nov 9, 2021. In the Q3 report, we noticed the following:

  • A steady increase in vulnerabilities, with 12 new vulnerabilities associated with ransomware. As of today, 278 vulnerabilities open the doors for ransomware attacks.
  • There has been a 4.5% increase in trending vulnerabilities that are being actively exploited to mount attacks.
  • The number of ransomware families has increased by 3.4%, and today there are 151 families in total.
  • As of today, 258 older vulnerabilities are being used to launch attacks on victims.


Our research shows that 12 vulnerabilities became part of the ransomware arsenal in Q3 of 2021. Worryingly, five of these vulnerabilities are capable of remote code execution.


Ransomware attackers also continue to leverage zero-day vulnerabilities before they are published in the NVD and before patches are released, taking their victims by surprise. The most recent example of such an attack is the Kaseya supply chain attack, where the REvil ransomware group exploited the vulnerability while the security team was still working on releasing the patch.


The association of old vulnerabilities with ransomware is a trend we have been seeing ever since we published the spotlight report. Today, 92.4% of vulnerabilities used by ransomware attackers are older vulnerabilities discovered before 2021, making a strong case for cyber hygiene.


Commenting on the research, Aaron Sandeen, CEO of Cyber Security Works, said, “We continued to see ransomware attacks aggressively increase in sophistication and frequency in Q3. We also saw our customers increase their cyber security maturity and reduce their risks by working with us to continuously assess their vulnerabilities, incorporate our threat intelligence into their daily operations and decrease the time to complete remediation.”


“Our research on Ransomware has enabled us to prioritize patches for our VMaaS customers. Today their patching cadence is agile. This is a big shift from the traditional way of applying patches. As soon as zero-days are weaponized, we immediately inform our customers to apply the patches as they become available. Thanks to our research we have been able to improve the security posture of our clients,” said Ram Movva, Chairman and Cofounder of Cyber Security Works.


Srinivas Mukkamala, Senior Vice President of Security Products at Ivanti, said: “Ransomware groups continue to mature their tactics, expand their attack arsenals, and target unpatched vulnerabilities across enterprise attack surfaces. With this report, we aim to help organizations realize the security risk and vulnerability exposure of their environments and endpoints and provide actionable intelligence to remediate faster. It’s critical that organizations take a proactive, risk-based approach to patch management and leverage automation technologies to reduce the mean time to detect, discover, remediate, and respond to ransomware attacks and other cyber threats.”


Anuj Goel, CEO at Cyware, said, “This research underscores that ransomware is continuing to evolve, and is becoming more dangerous based on the catastrophic damage it can inflict on target organizations. What is more complex for many organizations is the inability of vertical industries to rapidly share specific IOCs irrespective of their industry, in a way that is easy to curate, operationalize and disseminate to take action before an attack hits. Managing organizational risk means companies should be looking at a collective defense strategy to have continuous visibility into the attack and risk surfaces respectively, to reduce huge losses to reputation, customers, and finances. The more that cyber teams can tie into IT automation and processes, the better and more efficient they’ll be in countering ransomware.”


For the Q3 index report, CSW partnered with RiskSense (acquired by Ivanti) and with Cyware, a leading provider of threat intelligence solutions, to broaden the awareness and reach of our research. The primary data for this research is collated from publicly available threat data, from proprietary databases maintained by CSW’s pentesters and security analysts, and from Ivanti’s automation platform.

 

About CSW

CSW is a cybersecurity services company focused on attack surface management and penetration testing as a service. Our innovation in vulnerability and exploit research led us to discover 49+ zero days in popular products such as Oracle, D-Link, WSO2, Thembay, and Zoho, among others. We became a CVE Numbering Authority to enable thousands of bug bounty hunters and play a critical role in the global effort of vulnerability management. As an acknowledged leader in vulnerability research and analysis, CSW is ahead of the game, helping organizations worldwide to secure their business from ever-evolving threats.

For more information visit www.cybersecurityworks.com or follow us on LinkedIn and Twitter.

 

About Ivanti

Ivanti makes the Everywhere Workplace possible. In the Everywhere Workplace, employees use myriad devices to access IT applications and data over various networks to stay productive as they work from anywhere. The Ivanti Neurons automation platform connects the company’s industry-leading unified endpoint management, zero-trust security, and enterprise service management solutions, providing a unified IT platform that enables devices to self-heal and self-secure and empowers users to self-service. Over 40,000 customers, including 96 of the Fortune 100, have chosen Ivanti to discover, manage, secure, and service their IT assets from cloud to edge, and deliver excellent end-user experiences for employees, wherever and however they work.

For more information, visit www.ivanti.com and follow @GoIvanti.

 

About Cyware

Cyware helps enterprise cybersecurity teams build platform-agnostic virtual cyber fusion centers. Cyware is transforming security operations by delivering the cybersecurity industry's only Virtual Cyber Fusion Center Platform with next-generation SOAR (security orchestration, automation, and response) technology. As a result, organizations can increase speed and accuracy while reducing costs and analyst burnout. Cyware's Virtual Cyber Fusion solutions make secure collaboration, information sharing, and enhanced threat visibility a reality for enterprises, sharing communities (ISAC/ISAO), MSSPs, and government agencies of all sizes and needs.

For more information, visit https://cyware.com/
