Tag Archives: Safety & Security

Making Open Source software safer and more secure

We welcomed the opportunity to participate in the White House Open Source Software Security Summit today, building on our work with the Administration to strengthen America’s collective cybersecurity through critical areas like open source software.

Industries and governments have been making strides to tackle the frequent security issues that plague legacy, proprietary software. The recent log4j open source software vulnerability shows that we need the same attention and commitment to safeguarding open source tools, which are just as critical.

Open source software code is available to the public, free for anyone to use, modify, or inspect. Because it is freely available, open source facilitates collaborative innovation and the development of new technologies to help solve shared problems. That’s why many aspects of critical infrastructure and national security systems incorporate it. But there’s no official resource allocation and few formal requirements or standards for maintaining the security of that critical code. In fact, most of the work to maintain and enhance the security of open source, including fixing known vulnerabilities, is done on an ad hoc, volunteer basis.

For too long, the software community has taken comfort in the assumption that open source software is generally secure due to its transparency and the assumption that “many eyes” were watching to detect and resolve problems. But in fact, while some projects do have many eyes on them, others have few or none at all.

At Google, we’ve been working to raise awareness of the state of open source security. We’ve invested millions in developing frameworks and new protective tools. We’ve also contributed financial resources to groups and individuals working on securing foundational open source projects like Linux. Just last year, as part of our $10 billion commitment to advancing cybersecurity, we pledged to expand the application of our Supply chain Levels for Software Artifacts (SLSA or “Salsa”) framework to protect key open source components. That includes $100 million to support independent organizations, like the Open Source Security Foundation (OpenSSF), that manage open source security priorities and help fix vulnerabilities.

But we know more work is needed across the ecosystem to create new models for maintaining and securing open source software. During today’s meeting, we shared a series of proposals for how to do this:

Identifying critical projects

We need a public-private partnership to identify a list of critical open source projects — with criticality determined based on the influence and importance of a project — to help prioritize and allocate resources for the most essential security assessments and improvements.

Longer term, we need new ways of identifying software that might pose a systemic risk — based on how it will be integrated into critical projects — so that we can anticipate the level of security required and provide appropriate resourcing.

Establishing security, maintenance & testing baselines

Growing reliance on open source means that it’s time for industry and government to come together to establish baseline standards for security, maintenance, provenance, and testing — to ensure national infrastructure and other important systems can rely on open source projects. These standards should be developed through a collaborative process, with an emphasis on frequent updates, continuous testing, and verified integrity.

Fortunately, the software community is off to a running start. Organizations like the OpenSSF are already working across industry to create these standards (including supporting efforts like our SLSA framework).

Increasing public and private support

Many leading companies and organizations don’t recognize how many parts of their critical infrastructure depend on open source. That’s why it’s essential that we see more public and private investment in keeping that ecosystem healthy and secure. In the discussion today, we proposed setting up an organization to serve as a marketplace for open source maintenance, matching volunteers from companies with the critical projects that most need support. Google stands ready to contribute resources to this effort.

Given the importance of digital infrastructure in our lives, it’s time to start thinking of it in the same way we do our physical infrastructure. Open source software is a connective tissue for much of the online world — it deserves the same focus and funding we give to our roads and bridges. Today’s meeting at the White House was both a recognition of the challenge and an important first step towards addressing it. We applaud the efforts of the National Security Council, the Office of the National Cyber Director, and DHS CISA in leading a concerted response to cybersecurity challenges and we look forward to continuing to do our part to support that work.

New action to combat cyber crime

Today, we took action to disrupt Glupteba, a sophisticated botnet which targets Windows machines and protects itself using blockchain technology. Botnets are a real threat to Internet users, and require the efforts of industry and law enforcement to deter them. As part of our ongoing work to protect people who use Google services via Windows and other IoT devices, our Threat Analysis Group took steps to detect and track Glupteba’s malicious activity over time. Our research and understanding of this botnet’s operations puts us in a unique position to disrupt it and safeguard Internet users around the world.

We’re doing this in two ways. First, we are coordinating with industry partners to take technical action.

And second, we are using our resources to launch litigation — the first lawsuit against a blockchain enabled botnet — which we think will set a precedent, create legal and liability risks for the botnet operators, and help deter future activity.

About the Glupteba botnet

A botnet is a network of devices connected to the internet that have been infected with a type of malware that places them under the control of bad actors. They can then use the infected devices for malicious purposes, such as to steal your sensitive information or commit fraud through your home network.

After a thorough investigation, we determined that the Glupteba botnet currently involves approximately one million compromised Windows devices worldwide, and at times, grows at a rate of thousands of new devices per day. Glupteba is notorious for stealing users’ credentials and data, mining cryptocurrencies on infected hosts, and setting up proxies to funnel other people’s internet traffic through infected machines and routers.

Technical action

We coordinated with industry partners to take technical action. We have now disrupted key command and control infrastructure so those operating Glupteba should no longer have control of their botnet — for now.

However, due to Glupteba’s sophisticated architecture and the recent actions that its organizers have taken to maintain the botnet, scale its operations, and conduct widespread criminal activity, we have also decided to take legal action against its operators, which we believe will make it harder for them to take advantage of unsuspecting users.

Legal Strategy & Disruption

Our litigation was filed against the operators of the botnet, who we believe are based in Russia. We filed the action in the Southern District of New York for computer fraud and abuse, trademark infringement, and other claims. We also filed a temporary restraining order to bolster our technical disruption effort. If successful, this action will create real legal liability for the operators.

Making the Internet Safer

Unfortunately, Glupteba’s use of blockchain technology as a resiliency mechanism is notable here and is becoming a more common practice among cyber crime organizations. The decentralized nature of blockchain allows the botnet to recover more quickly from disruptions, making it that much harder to shut down. We are working closely with industry and government as we combat this type of behavior, so that even if Glupteba returns, the internet will be better protected against it.

Our goal is to bring awareness to these issues to protect our users and the broader ecosystem, and to prevent future malicious activity.

We don’t just plug security holes, we work to eliminate entire classes of threats for consumers and businesses whose work depends on the Internet. We have teams of analysts and security experts who are dedicated to identifying and stopping issues like DDoS, phishing campaigns, zero-day vulnerabilities, and hacking against Google, our products, and our users.

Taking proactive actions like this is critical to our security. We understand and recognize the threats the Internet faces, and we are doing our part to address them.

An update on our Privacy Sandbox commitments

For further background on this topic, please see our blog from June.

Since we announced our Privacy Sandbox commitments earlier this year, we have continued to work with the UK’s Competition and Markets Authority (CMA) to address feedback that was raised as part of its public consultation process. We have also continued to update and seek feedback from the market and the UK Information Commissioner's Office (ICO) on our proposals.

We are determined to ensure that the Privacy Sandbox is developed in a way that works for the entire ecosystem and, as part of this process, we have now offered revised commitments, which can be found in full on the CMA’s website.

These revisions underline our commitment to ensuring that the changes we make in Chrome will apply in the same way to Google’s ad tech products as to any third party, and that the Privacy Sandbox APIs will be designed, developed and implemented with regulatory oversight and input from the CMA and the ICO. We also support the objectives set out yesterday in the ICO’s Opinion on Data protection and privacy expectations for online advertising proposals, including the importance of supporting and developing privacy-safe advertising tools that protect people’s privacy and prevent covert tracking.

The revised commitments incorporate a number of changes including:

  1. Monitoring and reporting. We have offered to appoint an independent Monitoring Trustee who will have the access and technical expertise needed to ensure compliance.
  2. Testing and consultation. We have offered the CMA more extensive testing commitments, along with a more transparent process to take market feedback on the Privacy Sandbox proposals.
  3. Further clarity on our use of data. We are underscoring our commitment not to use Google first-party personal data to track users for targeting and measurement of ads shown on non-Google websites. Our commitments would also restrict the use of Chrome browsing history and Analytics data to do this on Google or non-Google websites.

If the CMA accepts these commitments, we will apply them globally.

We continue to appreciate the thoughtful approach and engagement from the CMA and ICO as we develop our Privacy Sandbox proposals. We welcome, and will carefully consider, any comments that people provide during the consultation process.

Our work to keep you safe online is never done

At Google, we keep more people safe online than anyone else with products that are secure by default, private by design and put you in control of your data. To celebrate Cybersecurity Awareness Month, we’ve introduced new features and technologies that keep your data private and secure.

Protecting your privacy with products that are secure by default

Protecting your privacy starts with the most advanced digital security. That’s why we make our products secure by default and help keep your data safe with customized recommendations in Security Checkup, an easy, personalized way to secure your Google Account. So whether you’re browsing the web, managing your inbox, or sharing your vacation photos, we’re keeping you safe with automatic protections built right into our products. Today we’re excited to share some new security products and features:

  • Introducing the New Security Hub on Pixel: The Security Hub brings all your security-related features and settings into one place on your Pixel device. In the hub, you'll see a clear red, yellow, or green indication of whether your system is secure based on inputs from Google Play Protect to your Google Account. If there's something wrong, the Hub will give you straightforward recommendations of what's wrong and what to do next. This feature is currently only available on Pixel devices, but we have plans to roll this out to our entire ecosystem in the future.
  • Google Fi Announces End-to-End Encrypted Calls: On top of built-in VPN and spam blocking features included in all phone plans, Google Fi is introducing end-to-end encrypted calls. One-to-one calls between Android phones on Fi will be secured with end-to-end encryption by default when they become available in the coming weeks, so your phone conversations stay between you and the person you're talking to.
  • Google One Announces VPN Expansion to New Countries: VPN by Google One keeps your network activity safer from hackers and online eavesdroppers. Already available on Android for Google One members on Premium plans (2 TB and higher) in Canada, France, Germany, Italy, Mexico, Spain, the United Kingdom, and the United States, starting today, we’ll begin rolling out the VPN in 10 more countries: Austria, Belgium, Denmark, Finland, Iceland, Ireland, the Netherlands, Norway, Sweden and Switzerland.
  • New Safe Browsing in Android Messages & Chat: Enables stronger protections against phishing and malware attacks, checks uncommon URLs in real-time to assess threats, and temporarily links data to your Google Account to offer tailored protection.
  • Chrome HTTPS-First Mode: HTTPS is a secure and private way for users to communicate with websites, reducing the risk of threats like network eavesdropping. With HTTPS-First Mode activated, Chrome will upgrade its connection to all pages a user visits to HTTPS. If HTTPS isn’t supported, the user will be shown a warning before loading a site with a less secure connection.

Building products that are Private by Design

Protecting user privacy is core to how we conceptualize, design, and build our products. This means continuously making thoughtful decisions about when, how, and why data is used in our products – and minimizing data use and retention when possible.

That’s why we’ve worked to create and open source privacy preserving technologies like Differential Privacy and Federated Learning. These technologies allow us to give you a customized experience without identifying individuals and while minimizing the amount of data that’s collected.

Ephemeral Learning is another privacy preserving technology that we’ve used to help train the models that power some of our most helpful features. Ephemeral Learning is a privacy-preserving technique that applies to cases where the training model runs on Google’s servers. Incoming data samples are stored in short-term memory for a training algorithm to learn from, and then they’re deleted within minutes. These samples are processed without any additional user signals, and without humans ever looking at the data. This technique allows us to train the models that power features like voice-to-text transcription while preserving privacy and reducing the amount of data stored.

We’ve also recently developed and open sourced Private Set Membership – a privacy preserving technology that makes it possible for an individual device to check membership against a dataset while maintaining the privacy of both the device and the dataset. This builds on our previous work on Private Join and Compute. As always, we’re committed to open sourcing and making these technologies widely available for developers around the world.

You’re in Control with Powerful Privacy and Security Settings

You should be able to choose the privacy settings that are right for you, with controls that are easy to use and understand and available right in the product when you need them. That’s why we created one place to manage settings in your Google Account, introduced Auto-Delete options, and created controls that appear in context when you’re using our products.

Back in May, our Photos team introduced Locked Folder on Pixel - a passcode-protected space where you can save photos and videos separately, so they won't show up as you scroll through Google Photos or any other apps on your device. We’re excited to share that this feature is coming to Google Photos on Android soon, and to iOS early next year.

October may be Cybersecurity Awareness Month, but our work to keep you safe online is never done. Visit our Safety Center to learn all the ways we’re making every day safer with Google.

Stay safe online ahead of shopping season

Do you hear that? Click, tap, kaching! The frenzy of the year-end shopping season is upon us. In Asia, that means big shopping occasions like 10/10, 11/11 and 12/12. It also — unfortunately — means an increase in risks that users face, as more people head online and the range of threats from cybercrime increases.

According to data from the United Nations, cybercrime has already risen 600% since the start of the COVID-19 pandemic. But how and why are people still at risk? Where are people most vulnerable? And what can we do differently to better protect ourselves online, not just during shopping season, but all year round? To find out, we commissioned a study, conducted by YouGov, surveying over 13,000 respondents aged 18 and above across Asia-Pacific. Here are our findings, and our top tips for staying safe online.

1. Password recycling = risk

Poor password “hygiene” is far too common in Asia-Pacific, with over 80% of respondents using the same passwords across multiple sites, and almost half admitting to recycling passwords for up to 10 unique sites. If a password is stolen on any of these sites, a user’s accounts on the other sites become vulnerable as well. A worrying 1 in 2 respondents also confessed to using guessable passwords with easily-crackable combinations, such as significant dates and names of partners or pets.

What do we suggest people do instead?

  • Create a unique password for each account to eliminate this risk. Make sure that each password is hard to guess and better yet, at least eight characters long.
  • Use a password manager to make it easier to create and use strong and unique passwords on all your devices, without the need to remember or repeat each one. Google’s Password Manager, built directly into Chrome, Android and the Google App, can help you do this. Using a password manager makes signing in convenient, especially on small mobile screens – instead of entering a password each time, you can just press a button.

2. Set up your security safety net

According to our study, two in three respondents across Asia-Pacific have experienced a data breach or know someone who has. Here are some ways you can protect yourselves against fraud.

  • Set up a security phone number or email address, and keep it updated so banks and other service providers can contact you right away if there’s suspicious activity on your account.
  • Take the Google Security Checkup to preemptively strengthen the security of your Gmail account and get personalized security recommendations — it only takes two minutes to complete. Since people often use their Gmail accounts to register with their banks, shopping sites, and payment services, this increases security on top of our automatic protections.
  • Set up 2-Step Verification (2SV) on every site that offers it. This dramatically increases security by requiring "something you know" (like a password) and "something you have" (like your phone or a security key).

More than 60% of people we surveyed said they are likely to adopt 2SV, but only 6% of people we surveyed currently use it. We know the best way to keep people safe is to turn on Google security protections by default. By the end of 2021, we plan to auto-enroll an additional 150 million Google users in 2SV and require two million YouTube creators to turn it on.

3. “Add to Cart” with Care

Three in four people admit to making purchases on pages without the secure symbol, increasing the opportunity for fraudsters to steal details.

We recently announced HTTPS-first mode in Chrome. HTTPS is a secure and private way for people to communicate with websites. If you enable this mode, Chrome will show you a warning if a website doesn’t support HTTPS.

We also recommend making sure you're always running the latest version of software on all your devices. Some software, like Chrome, will automatically update. For other services that send notifications when it’s time to update, don’t click “remind me later”— take the time to install the update right away.

As you get your shopping lists ready, we encourage you to find more online security tips by visiting Google’s Safety Center. You can also explore this virtual exhibition to learn more about Google’s approach to security and privacy. Happy shopping!

Supporting the first #ShareTheMicInCyber Fellowship

Keeping people safe online requires more than just advanced security technology, it requires people.

Google’s security teams are made up of some of the world’s greatest hackers, developers and leaders. Day in and day out they work to keep our users’ and our Googlers’ information safe and secure.

There is no one-size-fits-all security practitioner and we believe that diversity is key to building effective security teams. As Cybersecurity Awareness Month comes to an end, I’m thrilled to announce that Google is furthering its support for #ShareTheMicInCyber by investing in the #ShareTheMicInCyber Fellowship.

Founded by Googler Camille Stewart and Harvard Kennedy School’s Lauren Zabierek, #ShareTheMicInCyber began as an online conversation between Allies and Black cyber practitioners on Twitter and LinkedIn, and transformed into a social media phenomenon that highlights the experiences and expertise of Black practitioners in the field, features their accomplishments and creates a critical conversation on race in the industry.

The #ShareTheMicInCyber Fellowship, developed in partnership with New America, is the first of its kind and will build on the work of previous #ShareTheMicInCyber campaigns by creating a program for Black cyber practitioners to further their career goals, build on their networks and pursue new opportunities. #ShareTheMicInCyber Fellows will conduct policy research and analysis, explore cybersecurity field issues from important perspectives and address the human side of cybersecurity, both from policy and technical aspects.

As part of Google’s commitment to strengthen the security workforce, we are proud to support the critical mission of #ShareTheMicInCyber by funding the first year of the fellowship and pledging to a total of five years of funding. The #ShareTheMicInCyber and New America teams will develop the fellowship program, which is expected to launch in 2022.

As modern cybersecurity threats evolve into new and more dangerous attacks - and as the industry seeks skilled workers - we need an arsenal of different ideas that represent all backgrounds. The #ShareTheMicInCyber Fellowship will amplify diverse talent and bring new voices and ideas to the industry and ultimately make us all safer and more secure.

Advancing public-private partnerships with #ShareTheMicInCyber

We know diverse security teams are more innovative, produce better products and enhance an organization's ability to defend against cyber threats.

Today, cybersecurity practitioners across Google and industry are elevating the voices and expertise of Black security practitioners as part of #ShareTheMicInCyber’s public and private partnerships campaign.

Amid increasingly sophisticated and dangerous ransomware and supply chain attacks on critical infrastructure and private sector entities, cybersecurity is a global imperative that requires new ways of thinking and partnering across government, industry and academia.

In the spirit of allyship, I’m honored to #ShareTheMicInCyber with a few of the Black security practitioners I work with every day at Google. These practitioners have worked across sectors and offer a unique perspective on public-private partnerships and how critical they are to solving the threats we face.

Jordyn Cosme, Senior Security Advisor, Google Products

“Security is a team sport that requires trust and collaboration. While business objectives or the mission of organizations may vary, we all share the goal of protecting sensitive information and data for our customers, our people, and our communities. Prior to joining Google, I advised government executive leaders on their toughest security challenges, like designing, building and maturing security programs. It was during this period that I gained a tremendous understanding for the role public-private partnership plays in helping us achieve our common goals. Much like assembling an all star team, partnerships can bring our strengths and differences together leveraging diversity of experience to achieve better outcomes.

This month’s #ShareTheMicInCyber moment will highlight the true collaboration that currently exists between the public and private sectors, but it will also provide us with clarity on the things we need to continue to work towards, like building more diverse security teams.”

Lindsay Nuon, Senior Security Advisor, Privacy Safety and Security

“I began my security career in the US Military working at the intersection of Cybersecurity and Intelligence with government agencies including NCIS, the FBI, and HHS. Now, in my role as an Advisor at Google, I’m able to draw from an intimate understanding of the unique risks and challenges that each community faces as well as the special capabilities and immense value that diversity of thought can lend to protecting our users and defending our networks. These experiences taught me first hand that effective collaboration across the public/private sector is an imperative we must wholeheartedly support in order to secure our organizations and realize our shared vision of keeping our people, assets and infrastructure safe online. Without the collective intelligence of professionals on both sides, our blindspots grow larger, our adversaries grow more sophisticated, and as a result we will fail to keep pace with the threat landscape as it evolves. That is why it has been so cool, over the course of my career, to witness the shift from security by obscurity to a more collaborative and community driven security approach.

I’m looking forward to continuing the conversation during the public-private partnership #ShareTheMicInCyber installment.”

John Davis, Privacy Engineer, Data Protection Office

“I serve as a Staff Privacy Engineer at Google where I focus on designing privacy-protecting features into Google's products and services, and making privacy easier for users to control.

My data stewardship and cyber attribution work prior to joining Google helped me recognize the importance of public-private partnerships. Technology intersects at so many different points in our lives and it requires collaboration to work effectively and safely for everyone. This was realized for me over the past year, as I worked with Google’s anonymization team to make important COVID insights available to the public while respecting user privacy. The COVID mobility reports project was designed to help health officials and other public and private entities make critical decisions to combat COVID-19.

We all have a responsibility to work together to solve the toughest challenges we face. I look forward to engaging in meaningful discussions on this and more during #ShareTheMicInCyber.”

Yousef Saed, Technical Program Manager, Vulnerability Management

“I believe knowledge sharing within the security industry is important regardless of being in the private or public sector considering that security professionals are often working towards the same goals of protecting data, minimizing risk, and eliminating attack surfaces.

Since public and private sector organizations often have different threat models and focus areas, being able to collaborate well allows for a wider perspective and unique approaches to solving security challenges. Security is improved by collaboration rather than siloed knowledge.”

I encourage you to follow, share, retweet, and act in support of #ShareTheMicInCyber on Twitter and LinkedIn, today, October 22. By strengthening our commitment to racial equity and inclusion we can build safer and more secure products for everyone.

If you are interested in participating or learning more about #ShareTheMicInCyber, click here.

We analyzed 80 million ransomware samples – here’s what we learned

Leaders at organizations across the globe are witnessing the alarming rise of ransomware threats, leaving them with the sobering thought that an attack on their business may be not a matter of if, but when.

The stakes are becoming higher. Hackers aren’t just demanding money, they’re threatening to reveal sensitive or valuable information if companies don’t pay up or if they contact law enforcement authorities. For example, if you run a healthcare organization, the impact can be even more dire - as evidenced by this new report on ransomware attacks that finds attacks against hospitals have resulted in delays in tests and procedures, patients being kept longer, and even death.

One of the main challenges to stopping ransomware attacks is the lack of comprehensive visibility into how these attacks spread and evolve. Leaders are often left with bits and pieces of information that don’t add up.

VirusTotal’s first Ransomware Activity Report provides a holistic view of ransomware attacks by combining more than 80 million potential ransomware-related samples submitted over the last year and a half. This report is designed to help researchers, security practitioners and the general public understand the nature of ransomware attacks while enabling cyber professionals to better analyze suspicious files, URLs, domains and IP addresses. Sharing insights behind how attacks develop is essential to anticipating their evolution and detecting cybersecurity threats across the globe.

Of the 140 countries that submitted ransomware samples, Israel was far and away an outlier, with the highest number of submissions and nearly a 600 percent increase in the number of submissions compared to its baseline. Israel was followed by South Korea, Vietnam, China, Singapore, India, Kazakhstan, Philippines, Iran and the UK as the most affected territories based on the number of submissions to VirusTotal.

Geographical distribution of ransomware-related submissions

We saw peaks of ransomware activity in the first two quarters of 2020, primarily due to the ransomware-as-a-service group GandCrab (though its prevalence decreased dramatically in the second half of the year). Another sizable peak occurred in July 2021, driven by the Babuk ransomware family – a ransomware operation launched at the beginning of 2021 that was behind the attack on the Washington DC Metropolitan Police Department.

At least 130 different ransomware families were active in 2020 and the first half of 2021 — grouped into 30,000 clusters of malware that looked and operated in a similar fashion. With 6,000 clusters, GandCrab was the most active family, followed by Babuk, Cerber, Matsnu, Congur, Locky, Teslacrypt, Rkor and Reveon.

Ransomware Activity of 100 Most Active Ransomware Families

While these big campaigns come and go, there is a constant baseline of ransomware activity of approximately 100 ransomware families that never stops. Attackers are using a range of approaches, including well-known botnet malware and other Remote Access Trojans (RATs) as vehicles to deliver their ransomware. In most cases, they are using fresh or new ransomware samples for their campaigns. This broad collection of activity provides vital insights into ransomware growth, evolution and impact on organizations of all sizes, and provides the bread crumbs needed for businesses and governments to be much more proactive in building cybersecurity into their infrastructure.

How We Are Keeping Your Business Safe From This Threat

At Google, our platforms and products have to be secure by default, and have been designed to keep businesses protected from cybersecurity attacks, including the growing threat of ransomware.

Our Chrome OS cloud-first platform has had no reported ransomware attacks — ever — on any business, education or consumer Chrome OS device. Developed with built-in and proactive security, Chrome OS blocks executables that ransomware often hides in, and system files are kept in a read-only partition ensuring the OS can’t be modified by apps or extensions. Additionally, the cloud-first nature of Chrome OS means that your data and files are backed up in the cloud and recoverable if an attack were to happen.

We are committed to offering the industry’s most trusted cloud, and have developed solutions that help companies adhere to the five pillars of NIST’s Cybersecurity Framework - from identification to recovery. For example, our Cloud Asset Inventory helps businesses identify and monitor all their assets in one place. With email at the heart of many ransomware attacks, Google Workspace’s advanced phishing and malware protection provides controls to quarantine emails, defends against anomalous attachment types and protects from inbound spoofing emails. Chronicle, Google Cloud’s threat detection platform, allows businesses to find and analyze threats faster within their infrastructure and applications, whether that's on Google Cloud or anywhere else. With engineered-in capabilities and additional solutions, we also make it simple and efficient to respond and recover in the event of an incident.

With better data from crowdsourced intelligence platforms like VirusTotal, C-level decision makers can proactively ensure a more robust range of security solutions are implemented, and that multi-layered approaches to security become standard across all organizations. It’s the only way to keep our businesses, schools, hospitals and governments safe against ransomware attacks.

To learn more about how Google can help your organization solve its cybersecurity challenges check out our Google Cybersecurity Action Team.

Delivering 10,000 security keys to high risk users

There is no shortage of news around targeted cyber attacks that are deliberately aimed at high profile individuals and groups. At Google, we have an entire team dedicated to detecting and stopping the world’s most sophisticated cyber criminals, and we have spent years working on advanced security solutions, like our Advanced Protection Program (APP), that users can turn on to instantly increase their protections from these types of attacks.

APP brings Google’s strongest security protections together into a holistic program that is constantly upgraded in response to emerging threats. APP is available to all users, but is specifically designed for individuals and organizations at higher risk of targeted online attacks, such as elected officials, political campaigns, human rights activists and journalists.

Users who enroll in APP are protected against a wide variety of online threats, including sophisticated phishing attacks (through the use of security keys), malware and other malicious downloads on Chrome and Android, and unauthorized access to their personal account data (such as Gmail, Drive or Photos). As new threats are discovered, APP evolves to provide the latest protections.

As part of our work to keep our users safer and increase awareness of APP, we partnered with organizations across the globe to provide free security keys to over 10,000 high risk users throughout 2021.

How We are Bringing APP to High Risk Users

Cybersecurity is a team sport – it requires more than just one company’s commitment. That’s why we are constantly working to foster relationships with organizations outside of Google that are also committed to educating users and advancing cybersecurity. The more high risk users that we can get into a protected state, the safer we all are.

These are a few of the organizations and programs that we are partnering with to enhance security for our most at-risk users:

International Foundation for Electoral Systems

As a global leader in democracy promotion, the International Foundation for Electoral Systems (IFES) engages with critical issues in democracy, governance and elections around the world. We're collaborating with IFES on global educational security programming for at-risk groups, so those who work to safeguard human rights can stay safe online. This year we’ve supported IFES with free security keys for attendees of their global cyber hygiene trainings, including journalists in the Middle East and women activists in Asia through their virtual “She Leads” series. In 2022, we will expand our work with IFES through a continued contribution of Titan Security keys and educational materials for their high risk user trainings.

UN Women Generation Equality Action Coalition for Technology and Innovation

As part of Google’s ongoing work with UN Women, we offer consultations and online safety and security workshops for UN chapters and organizations around the world that support women who are at higher risk of online attacks including journalists, activists, politicians and executives. Workshop attendees are trained on tools to better protect their organizations as well as the high risk women they support.

Defending Digital Campaigns

At the start of the U.S. 2020 election season, we announced our collaboration with Defending Digital Campaigns (DDC), a nonprofit and nonpartisan organization, to distribute Titan Security Keys to more than 180 eligible federal campaigns. More recently, we expanded our work with DDC to provide eligible state-level campaigns and political parties, committees, and related organizations with knowledge, training and resources to defend themselves from security threats.

By the time the 2022 midterm election season is in full swing, DDC will have completed bipartisan cybersecurity trainings in all 50 states. To date, DDC has trained hundreds of local campaign workers, state party staff members, and people who work at related political organizations across 21 states. These trainings deliver actionable steps that campaign staff can immediately implement to increase security for their organizations. We also worked with DDC to deploy a publicly-available cybersecurity Knowledge Base to help campaigns and political organizations with cybersecurity information. The Knowledge Base includes step-by-step instructions for turning on better security protections including APP. Through the Knowledge Base and direct work with eligible campaigns, DDC provides hands-on assistance for getting cybersecurity tools implemented.

We’re excited to be working with these leading organizations to protect high risk user groups and learn more about the needs of at-risk users and organizations. These collaborations help us make the world’s most advanced security even stronger, more inclusive and easier to use – helping everyone stay safer with Google.