Annual Ransomware Detection Count expected to be the highest this year, WatchGuard Threat Lab report reveals

As per the WatchGuard Threat Lab’s most-recent quarterly Internet Security Report, the number of Ransomware detected in Q1 2022 was double that of the number recorded across the entire 2021.


Additionally, the study reveals that EMEA still happens to be a safe spot for malware risks. It was also found out that WatchGuard Fireboxes in EMEA were impacted more than those in America and Asia-Pacific.

The chief security officer at WatchGuard, Corey Nachreiner stated that 2022 is on its way to becoming the year with the most annual ransomware detections. He advised companies to opt for a “true unified security approach” that is advanced enough to tackle the evolving attacks.

The research also included some other intriguing revelations such as:

#1 Log4Shell makes its presence felt

The public first got to hear about Log4Shell right before the end of 2021. Fast forward to this quarter, it has already popped up on the top 10 network attack list. Furthermore, WatchGuard’s last report emphasized on Log4Shell as the top security event. It attained a full-on 10.0 on CVSS, making it an extremely critical vulnerability, thanks to the fact that it’s commonly used in Java applications.

#2 Emotet is here to stay

Ever since making a comeback in Q4 2021, Emotet has gone on to secure three slots in the top 10 detections and top widespread malware. The threats related to it are Trojan.Vita, Trojan.Valyria, and MSIL.Mesna.4. Threat Lab suggests that Emotet downloads and installs the file after retrieving it from a malware delivery server.

#3 PowerShell scripts contribute to rising endpoint attacks

The findings for Q1 2022 show a year-over-year increase of 38% in endpoint detections. Almost nine out of every 10 such detections (88% to be precise) were thanks to scripts. Digging deep into the scripts led to the discovery that 99.6% of these were PowerShell ones. This indicates that cybercriminals have been putting extra focus on utilizing credible tools for executing fileless and LotL attacks.

#4 Unauthentic activity coupled with authentic crypto mining operations

Popular mining pool, Nanopool became a hot topic of the study in question. Nanopool domains are perceived as credible domains linked with a credible organization. But associations with these mining pools usually give rise to shady businesses or education networks.

#5 Unique detections at an all-time high

In Q1 2022, unique network attacks observed their highest volume in three years. Multiple businesses have reported being impacted by such unconventional threats.

Before wrapping this story up, it’s worth mentioning that in the last quarter, WatchGuard obstructed nearly five million network risks and over 21.5 million malware forms.


Read next: Researchers Discover Dangerous Malware That Can’t Be Detected By 50+ Antivirus Products
Previous Post Next Post