Ransomware: 97 percent of phishing e-mails contain it

Locky dominates the onslaught. And there has been an increase in deployment of so-called quiet malware, such as the remote access Trojan jRAT, according to new research from PhishMe.
By Bill Siwicki
08:44 AM

The number of phishing e-mails containing a form of ransomware grew to 97 percent during the third quarter of 2016, up from 92 percent in the first quarter, according to research from PhishMe, a vendor of human phishing defense solutions.

Remaining at the forefront of the malware onslaught is Locky encryption ransomware, which has introduced a number of techniques to resist detection during the infection process, PhishMe said.

PhishMe’s Q3 2016 Malware Review identified three trends previously noticed throughout 2016. These trends, the company said, have come to full fruition in the last few months.

First, Locky continues to dominate the ransomware scene. While numerous encryption ransomware varieties have been identified in 2016, Locky has demonstrated adaptability and longevity, PhishMe said. 




Second, the proportion of phishing e-mails analyzed that delivered some form of ransomware has grown to 97.25 percent, leaving only 2.75 percent of phishing e-mails to deliver all other forms of malware utilities, the company found.

And third, there has been an increase in deployment of quiet malware. PhishMe identified an increase in the deployment of remote access Trojan malware like jRAT, suggesting that these threats intend to remain within their victims’ networks for a long time, the company explained.

During the third quarter of 2016, PhishMe Intelligence conducted 689 malware analyses, a significant increase over the 559 analyses conducted during Q2 2016. The increase is due, in large part, to the consistent deployment of Locky encryption ransomware, the company said. Locky executables were the most commonly identified file type during the third quarter, with threat actors constantly evolving the ransomware to keep its delivery process as effective as possible.

“Locky will be remembered alongside 2013’s CryptoLocker as a top-tier ransomware tool that fundamentally altered the way security professionals view the threat landscape,” said Aaron Higbee, chief technology officer and co-founder of PhishMe. “Not only does Locky distribution dwarf all other malware from 2016, it towers above all other ransomware varieties. Our research has shown that the quarter-over-quarter number of analyses has been on a steady increase since the malware’s introduction at the beginning of 2016. Thanks to its adaptability, it’s showing no signs of slowing down.”

