Ransomware Sends Phishing Volumes up Almost 800%

In a sign of a profound shift in criminal tactics, most phishing emails (93%) are now pushing ransomware.

According to PhishMe, its analysis of phishing email campaigns from the first three months of 2016 showed an increase of 6.3 million in raw numbers over the last quarter of 2015, due primarily to a ransomware upsurge. That is a staggering 789% jump.

“Thus far in 2016, we have recorded an unprecedented rise in encryption ransomware attacks, and we see no signs of this trend abating. Individuals, small- and medium-sized businesses, hospitals, and global enterprises are all faced with the reality that this is now one of the most favored cyber-criminal enterprises,” explains Rohyt Belani, CEO and co-founder of PhishMe.

The firm’s Q1 2016 Malware Review has identified three key trends that were previously recorded throughout 2015 but have come to full fruition in the last few months: encryption ransomware; soft targeting by functional area; and downloader/ransomware, the one-two combination.

When it comes to soft targeting in phishing, malicious emails are typically accompanied by Microsoft Office documents that are laden with malware or able to download it.

“In contrast to both broad distribution and the careful targeting of one or two individuals via spear phishing emails, soft targeting focuses on a category of individuals based on their role within any organization anywhere in the world,” said Belani. “Criminals target this subset with content relevant to their role.”

Towards the end of 2015, PhishMe’s Research team hinted at the growing prevalence of JavaScript downloader applications as a malware delivery mechanism. During the first three months of 2016, this prediction did indeed materialize, most notably through the prolific use of such downloaders by the distributors of Locky.

“During the first quarter, JavaScript applications even surpassed Office documents with macro scripts to become the most common malicious file type accompanying phishing emails,” Belani said. “JSDropper applications were present in nearly one-third of all phishing email analyses performed by PhishMe.”

Of course, whether threat actors execute encryption ransomware attacks via phishing messages, deliver personalized messages to a functional area of an organization, or combine Dridex or Locky with JSDropper or Office documents with macros for delivery, the impact on the victimized organization is significant.

“They have to expend scarce incident response resources on the clean-up effort, manage a potential public relations nightmare, and in some cases even cave in to hacker demands of paying the ransom being demanded,” the report noted.

Belani added, “As the frequency and magnitude of such phishing attacks increase, the importance of empowering humans to avoid and report them, and giving incident response teams the ability to rapidly react to such reports has never been more acute.”
