One Ransomware Tops Spam List

Tuesday, October 18, 2016 @ 02:10 PM gHale

Most likely anyone receiving spam emails with a file attachment in the last three months, it probably was a file containing a version of the Locky ransomware, new research said.

A previous report from Cisco said spam numbers returned to record levels seen last time in the early 2010s. That report included all spam categories, such as pharma, dating, and pump-and-dump campaigns.

‘No More Ransomware’ Inks Global Partners
Ransomware Masked as Rockwell Update
Ransomware Attack Hurts MI Utility
Crypto-Ransomware Attacks on Rise

Along those lines, the number of spam emails spreading malware-laced files reached all-time high numbers in Q3 2016, according to Proofpoint’s Quarterly Threat Summary for Q3 2016.

The leader among all malware families was the Locky ransomware, found in 96.8 percent of all malicious spam file attachments, the report said.

In a vast majority of cases, this manifested as a ZIP file containing a JavaScript file inside, but crooks also leveraged Office documents that contained malicious macro scripts, HTA (HTML executable) files, and WSF (Windows Script) files.

The rest of the Top 5 most spammed malware includes the Pony infostealer, the Vawtrack banking Trojan, the Tordal (Hancitor) malware dropper, and the Panda Banker banking Trojan.

Besides Locky, other ransomware variants spread via spam campaigns in larger numbers included CryptFile2, MarsJoke, and Cerber.

The report also highlights a continuous evolution of banking Trojans, which, even if they were spread in far fewer numbers than in 2015, continued to be a constant threat thanks to a series of anti-detection features added to avoid security software.

The good news from Q3 2016 is exploit kit activity has gone down 65 percent compared to Q2 and 93 percent compared to the start of 2016.

This downfall can be attributed to the shutdown of the Angler and Nuclear exploit kits this past spring, but also to the Neutrino exploit kit entering a so-called “private mode.”