The Ransomware Index Update Q3 2021 report by Ivanti, Cyware, and Cyber Security Works has revealed several insights about how ransomware attacks are growing in volume and sophistication. The report shows that, besides other trends, threat groups are now increasingly using trojan-as-a-service and dropper-as-a-service.

Report insights 

The report suggests that researchers have observed an increase in the number of ransomware families, as well as the number of vulnerabilities used by these families for their attacks.
  • In Q3, ransomware groups expanded their attacks by abusing 12 new vulnerabilities, taking the number of vulnerabilities linked with ransomware from 266 to 278.
  • An increase of 4.5% was observed in trending vulnerabilities that are actively exploited to mount attacks, taking the total count of trending vulnerabilities to 140.
  • The total count of older vulnerabilities is now 258, which is 92.4% of all vulnerabilities related to ransomware.

What’s even more concerning is that ransomware groups are now able to exploit zero-day vulnerabilities even before the CVEs are assigned and patches are released.

Additional insights

The Q3 report analysis identified five new additional ransomware families, bringing the total count of ransomware families to 151. 
  • The new ransomware groups have quickly started exploiting dangerous vulnerabilities, such as ProxyShell, PetitPotam, and PrintNightmare, within a week of being disclosed.
  • One of the notable ransomware was the Cring ransomware, which exploited two older ColdFusion vulnerabilities, CVE-2009-3960 and CVE-2010-2861, already patched by the vendor.
  • Moreover, there is an increasing trend of the use of dropper-as-a-service and trojan-as-a-service among cybercriminals. This allows attackers to use highly sophisticated cloud-based infrastructure without any infrastructure expenses.


The research highlights that ransomware groups are evolving and becoming more dangerous than before. Additionally, attackers are increasingly exploiting vulnerabilities, which shows the importance of a robust patching mechanism. Therefore, organizations should adopt automated patching solutions and intel sharing for better protection.

Cyware Publisher