The Great, Big Ransomware Revival
Trends are at play in the realm of malware as much as they are in the fashion world. In the cyber-criminal underground, ransomware is the threat equivalent of those inexplicably popular skin-tight leggings: it would do us all a favor if it simply disappeared.
Yesterday McAfee Labs released a report on the cyber-threat landscape during the first quarter of 2019, and the stats are pretty scary. Researchers recorded a worrying 118% growth in new ransomware samples, along with innovative changes in the code and tactics used to carry out attacks.
While spear-phishing remained popular, the ransomware currently going through a resurgence increasingly targets exposed remote access points like Remote Desktop Protocol (RDP).
RDP credentials can be cracked through a brute-force attack or bought in the cyber-criminal underground and then used to gain admin privileges, granting full rights to distribute and execute malware on corporate networks.
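A defender can spot the brute-force pattern described above in Windows logon events. The sketch below is an added example, not part of the McAfee report: it assumes a constructed CSV export (time, event ID, logon type, source IP, account) and flags any source with a burst of failed logons (event 4625), noting when a successful logon (4624) follows from the same address.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: time, event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon. Logon type 10 is
# RemoteInteractive (RDP); failed RDP logons appear as type 3 when NLA is on.
SAMPLE_LOG = """\
2019-03-04T02:10:01,4625,3,203.0.113.7,administrator
2019-03-04T02:10:03,4625,3,203.0.113.7,admin
2019-03-04T02:10:05,4625,3,203.0.113.7,backup
2019-03-04T02:10:08,4625,3,203.0.113.7,administrator
2019-03-04T02:10:11,4625,3,203.0.113.7,svc_sql
2019-03-04T02:10:15,4624,10,203.0.113.7,svc_sql
2019-03-04T08:59:40,4625,10,198.51.100.20,jsmith
2019-03-04T09:00:02,4624,10,198.51.100.20,jsmith
"""

RDP_LOGON_TYPES = {"3", "10"}

def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {src_ip: {"failures": n, "compromised": [accounts]}} for
    sources with >= threshold failed logons inside one sliding window."""
    recent = defaultdict(deque)   # src_ip -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, src, user = line.strip().split(",")
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            q = recent[src]
            q.append(when)
            while when - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(src, {"failures": 0, "compromised": []})
                alert["failures"] = max(alert["failures"], len(q))
        elif event_id == "4624" and src in alerts:
            # A success after a burst of failures suggests a guessed password.
            alerts[src]["compromised"].append(user)
    return alerts

if __name__ == "__main__":
    for src, info in detect_rdp_bruteforce(SAMPLE_LOG).items():
        print(src, info)
```

On the constructed sample, only the source with five failures in ten seconds is flagged; the user who mistyped a password once is not.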
McAfee researchers also observed actors behind ransomware attacks using anonymous email services to manage their campaigns rather than the traditional approach of setting up command-and-control (C&C) servers.
Despite a decline in volume and unique ransomware families in Q4 2018, Q1 2019 saw the detection of several new ransomware families using innovative techniques to target businesses. The most active ransomware families of the quarter were Dharma (a.k.a. Crysis), GandCrab and Ryuk.
Although spear-phishing was used to gain initial access in 68% of targeted attacks, 77% relied on the unwitting actions of users to execute their threat campaigns.
In the first three ..