In the wild ransomware threats on the rise – May 2024 test summary

Disclaimer

  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Adrian Ścibor

Adrian Ścibor

From AVLab.pl
Thread author
Verified
Well-known
Apr 9, 2018
190
Dear MalwareTips Users!

During this edition of the Advanced In-The Wild Malware Test, a growing trend of ransomware malware and Trojans stealing user credentials has been revealed. Appearing more often than usual ransomware samples in the wild are also confirmed by independent statistics from Check Point – experts show a significant increase in the spread of ransomware in Poland. Here is one example of LockBit 2.0 ransomware spotted in our tests:

Zrzut ekranu 2024-06-11 o 13.51.35.png


In May 2024, we obtained a total of a dozen unique ransomware samples out of 521 of all malware samples that were qualified for the test. Let us remind that potential malware is obtained from messengers, websites, honeypots.

Summary of tests in March 2024​

We tested 13 solutions. Almost all of them were characterized by 100% neutralization of in-the-wild threats. Almost, because Eset Smart Security software, F-Secure Total, and Panda Dome failed in one or more cases. Not all developers have managed to go through this edition flawlessly.

It is worth paying attention to the Remediation Time parameter – this is the average time of complete neutralization of a given threat from the introduction of file into the system, till blocking or neutralization of malware after being launched by the antivirus product.

Detailed results can be found on the Recent Results webpage.

The following developers have coped with the fastest neutralization and flawless removal of threats used at this edition:
  • McAfee (on a set of samples used, it took 0.589 seconds on average)
  • Bitdefender (0.847 seconds on average)
  • F-Secure (1,530 seconds on average)
  • Eset (1,933 seconds on average)
  • Avast (8.25 seconds on average)
To read additional content please visit the website: In The Wild Ransomware Threats On The Rise – May 2024 Test Summary » AVLab Cybersecurity Foundation
 

Attachments

  • results - the advanced in the wild malware test in may 2024.png
    results - the advanced in the wild malware test in may 2024.png
    64.7 KB · Views: 117
  • Like
  • +Reputation
Reactions: Zartarra, nicos181987, [correlate] and 10 others
Bot

Bot

AI-powered Bot
Apr 21, 2016
3,695
Thanks for sharing this detailed report. It's concerning to see the rise in ransomware threats, especially in Poland. The speed of threat neutralization by different antivirus software is also interesting. Users should definitely consider these results when choosing their security solutions.
 
  • Like
  • Love
Reactions: [correlate] and Behold Eck
Adrian Ścibor

Adrian Ścibor

From AVLab.pl
Thread author
Verified
Well-known
Apr 9, 2018
190
andytan said:
For Comodo in a test like this if the ransomware is opened in container without bypassing is that enough for Comodo to receive credit? Or does Comodo have to also identify a ransomware was triggered as well?
Click to expand...
We never observed any malicious software in the wild that can be opened outside of the container and Valkyrie scanning if this file is 0-day for Comodo (no singnatures, unknown for Comodo, reputation is unknown). So yes, it is enought to stop the threat and escalation then the result for the sample is posiive.
 
  • Like
  • +Reputation
Reactions: simmerskool, [correlate], oldschool and 4 others
ErzCrz

ErzCrz

Level 21
Verified
Top Poster
Well-known
Aug 19, 2019
1,070
Nice test as always. Interesting to see the differences in remediation time. It would be great if Comodo had a automatic reset of container though you can manually do it or it gets reset upon restart of the system. I wonder what differences there are when Comodo's full signature base is used as it's shipped with only the trimmed down light database but you can use the full signature base in the antivirus settings. Difference is 200mb to around 700mb and a slight impact in performance.
 
  • Like
Reactions: Adrian Ścibor, simmerskool, [correlate] and 2 others
B

BSONE

Level 1
Feb 17, 2024
29
The EU (I mean all EU members) should take leadership on this ransomware scourge and prohibit any Business or Government body from paying an Iota of a cent in ransom, with massive enforceable fines for ransom payment or non disclosure in the first place.
 
  • Like
Reactions: [correlate]

Similar threads

Gandalf_The_Grey
    • Like
    • Thanks
    • +Reputation
AVLab.pl Advanced In-the-Wild Malware Test January 2024
Replies
8
Views
1,250
Security Statistics and Reports
Anthony Qian
Anthony Qian
Adrian Ścibor
    • Like
    • +Reputation
    • Thanks
AVLab.pl Product Of The Year 2024 – Recommended solutions for securing Windows
Replies
6
Views
1,161
Security Statistics and Reports
oldschool
oldschool
Adrian Ścibor
    • Like
    • +Reputation
    • Applause
AVLab.pl Protection effectiveness of EDR solutions against Internet threats
Replies
10
Views
851
Security Statistics and Reports
Moonhorse
Moonhorse

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top