Story image

Cryptolocker malware and ransomware threats on the rise

Cryptolocker malware and ransomware is increasing at a rapid rate, with these threats rising 167% over the previous quarter.

Positive Technologies, the enterprise security systems company, released its CyberThreatscape Q1, which revealed new data around infection via cryptolockers, an increase in the number of unique threats, an increasing number of hybrid Trojans, more attacks focused on data theft, and a decrease in cryptojacking.

Most notably, the data shows the cryptolocker infection rate has increased to 24% from 9% in the last quarter of 2018.

Cryptolocker attacks are commonly combined with phishing, due to the fact that hackers are finding new ways to manipulate targets and gain ransom from them. As these attacks become more sophisticated, victims of cryptolocker attacks also reachers a higher level - for instance state institutions.

Positive Technologies cyber security resilience lead Leigh-Anne Galloway says phishing emails aren’t only used to spread viruses as hackers become smarter and more efficient.

"Phishing emails are still one of the most popular and efficient ways of delivering malicious software. But that's not the only route of malware distribution by far.

“For instance, users download a lot of files from torrent trackers, which increases the risk of malware infection exponentially; also, using files that pretend to be movies, attackers have been able to distribute software for swapping addresses of Bitcoin and Ethereum wallets at the moment when data is inserted from the exchange buffer. These new methods of attack demonstrate how creative and sophisticated attackers are becoming,” Galloway says.

In addition to this, Positive Technologies’ research also showed that the number of unique threats increased by 11% from Q1 of the previous year. Comparatively, the share of targeted attacks dropped to 47% from 53% in the fourth quarter 2018.

Furthermore, since the start of 2019, there have been an increasing number of infections using multifunctional Trojans, or modular malware. These combine the functions of various types of malware for greater success. As an example, the DanaBot Trojan contains components for remote control and functions of a banking Trojan, and can also steal passwords from a number of applications.

The research also looked at what the cybercriminals were seeking first and foremost. The data shows that 54% of attacks are driven to gain information, from personal correspondence to commercial intel. Of the personal information, credentials, personal data, and payment card information are still the most valuable and sought-after, the research shows.

Victims are still a combination of individuals and businesses or organisations. The results showed individuals are still at 21% of all attacks, versus 22% in fourth quarter 2018.

When it comes to organisations, attackers most often hit government agencies (16%), medical institutions (10%) and industrial companies (10%).

The research also showed a drop in certain attacks. For instance, the number of attacks aimed at covert mining of cryptocurrency has decreased due to it becoming more complex and difficult. In Q1 of 2018, the share of miners rose as high as 23% yet in Q4 2018 it fell to 9% and in first quarter 2019 the share of cryptojacking was only 7%.