PhishMe has released its Q3 Malware Review, which indicates the ransomware epidemic is growing, with file-encrypting malware now used in record numbers of attacks on businesses.
Ransomware is malicious code that locks files with powerful encryption, preventing companies from accessing their data. The attackers hold the only keys to unlock the encryption, which must be bought by companies in the form of a ransom payment.
There has been an explosion in the number of ransomware variants this year, with many ransomware families now being used to extort money from businesses. However, the leading variant, used in the majority of attacks, is Locky. Locky is constantly being updated, with the attackers using a variety of techniques to avoid detection. The ransomware variant has resisted all attempts by security researchers to crack its code and develop a decryptor.
For the latest report, PhishMe analyzed more than 689 malware samples gathered using its Phishing intelligence platform. Last quarter, PhishMe collected 559 samples, clearly demonstrating the increase in attacks. PhishMe reports that Locky ransomware was the most commonly detected malware variant in phishing emails in Q3.
“Not only does Locky distribution dwarf all other malware from 2016, it towers above all other ransomware varieties,” said PhishMe CTO and co-founder, Aaron Higbee. He also said the success of the ransomware variant was due to its adaptability, and explained there are no signs of the attacks slowing in the near future.
PhishMe determined that in Q2 2016, 92% of phishing emails were being used to deliver ransomware. In Q3 2016, the percentage had increased to 97.25%. The remaining 2.75% of phishing emails were being used to distribute other malware variants such as Trojans and keyloggers.
While phishing emails may be primarily used to spread ransomware, PhishMe notes there has been an increase in deployments of remote access Trojans. These malware variants have been developed to provide long-term access to corporate networks for espionage purposes, while also allowing criminals to steal vast quantities of confidential data.
PhishMe points out in its report that ransomware often makes the headlines, but other forms of malware still represent a significant hazard for organizations. The 2.75% of phishing emails that are used to spread other forms of malware contain a huge variety of malware variants.
PhishMe co-founder and CEO, Rohyt Belani, said “Our research shows that without a phishing defense strategy, organizations are susceptible to not just the voluminous phishing emails used to deliver ransomware, but also the smaller and less-visible sets of emails used to deliver the same malware that has been deployed for years.”
Belani said the best way to protect against phishing attacks is to “empower users to act as both human sensors for detecting attacks and partners in preventing threat actors from succeeding.”