{"id":7548,"date":"2021-04-26T20:36:20","date_gmt":"2021-04-27T03:36:20","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=7548"},"modified":"2023-04-05T12:40:26","modified_gmt":"2023-04-05T19:40:26","slug":"why-old-is-gold-for-ransomware","status":"publish","type":"post","link":"https:\/\/webdev.securin.xyz\/articles\/why-old-is-gold-for-ransomware\/","title":{"rendered":"Why ‘Old is Gold’ for Ransomware?"},"content":{"rendered":"

Old is gold for ransomware. There are many reasons why we say this.

In our recently published Ransomware Spotlight report 2020, we tracked down the vulnerabilities that ransomware uses to launch attacks on organizations worldwide. Here are a few surprising findings about old vulnerabilities in this report:

  1. We identified 223 vulnerabilities that are associated with 125 ransomware families. Surprisingly, 96% (213) of these weaknesses are old vulnerabilities discovered before 2020*.

  2. 120 old vulnerabilities have been actively used by threat groups in the past decade to mount ransomware attacks. 87 of these vulnerabilities were trending during the period 2018 – 2020.

  3. Threat groups largely target vulnerabilities discovered between 2017 and 2019.

    1. The oldest vulnerability that is still being used to deploy ransomware attacks is CVE-2007-1036, an RCE vulnerability associated with the Crypsam (SamSam) ransomware.

      1. 32% of the old vulnerabilities used by ransomware are of the Remote Code Execution (RCE) type, and 6% are attributed to the Privilege Execution (PE) type.

      2. 42 ransomware families use only old vulnerabilities to target their victims. Here are the top 5 family names and the CVE IDs of these weaknesses