***The year of 2016 was the year of ransomware.
Goal: Obtain statistics related to ransomware trends in 2016, including, but not limited to,
- (1) top 10 ransomware variants;
- (2) top 10 ransomware infrastructure locations; and
- (3) top 10 ransomware IPs
Tools: Elasticsearch, Kibana, Logstash
Source: OSINT Feed
Date Range: 2016
Winners (2016):
- Top 3 Ransomware –> Locky, Cerber, & TeslaCrypt
- Top 3 Ransomware Infrastructure Location -> United States, Germany, & Russia
I. Top 10 Ransomware (2016):
| Locky | 38,023 |
| Cerber | 4,656 |
| TeslaCrypt | 1,916 |
| TorrentLocker | 392 |
| CryptoWall | 368 |
| PayCrypt | 60 |
| CTB-Locker | 24 |
| PadCrypt | 16 |
| DMALocker | 12 |
| FAKBEN | 12 |
II. Top 10 Ransomware Infrastructure Location (2016):
| United States | 11,339 |
| Germany | 2,288 |
| Russia | 2,052 |
| Netherlands | 1,464 |
| Italy | 1,428 |
| China | 1,384 |
| United Kingdom | 969 |
| France | 892 |
| Poland | 861 |
| Turkey | 832 |
Reverse Engineering, Malware Deep Insight 