Yesterday McAfee Labs released a report on the cyber-threat landscape during the first quarter of 2019. Researchers recorded a worrying 118% growth in new ransomware samples, along with innovative changes in the code and tactics used to deploy it.
While spear-phishing remained popular, the resurgent ransomware campaigns increasingly target exposed remote access points such as Remote Desktop Protocol (RDP).
RDP credentials can be cracked through a brute-force attack or bought in the cyber-criminal underground and then used to gain admin privileges, granting full rights to distribute and execute malware on corporate networks.
McAfee researchers also observed actors behind ransomware attacks using anonymous email services to manage their campaigns rather than the traditional approach of setting up command-and-control (C&C) servers.
Despite a decline in volume and unique ransomware families in Q4 2018, Q1 2019 saw the detection of several new ransomware families using innovative techniques to target businesses. The most active ransomware families of the quarter were Dharma (a.k.a. Crysis), GandCrab and Ryuk.
Although spear-phishing was used to gain initial access in 68% of targeted attacks, 77% relied on the unwitting actions of users to execute their threat campaigns.
In the first three months of the year, researchers observed a staggering 504 new threats per minute. Instances of new coin-mining malware increased by 29% and new PowerShell malware increased by 460%.
During the same period, more than 2.2 billion stolen account credentials were made available on the cyber-criminal underground.
Raj Samani, McAfee fellow and chief scientist, said: “It’s important to recognize that the numbers, highlighting increases or decreases of certain types of attacks, only tell a fraction of the story. Every infection is another business dealing with outages or a consumer facing major fraud. We must not forget for every cyber-attack, there is a human cost.”
Christiaan Beek, McAfee lead scientist and senior principal engineer, urged users targeted by ransomware to consider all their options before coughing up cash to criminals.
He said: “Paying ransoms supports cybercriminal businesses and perpetuates attacks. There are other options available to victims of ransomware. Decryption tools and campaign information are available through tools such as the No More Ransom project.”