Ransomware Jumps in Q1: Report

Wednesday, June 10, 2015 @ 02:06 PM gHale

Ransomware attacks were up over 150 percent in the first three months of this year, a new report said.

Ransomware jumped 165 percent in the first quarter, rebounding from a drop last year when police worldwide staged a coordinated crackdown to knock out a major ransomware network, according to Intel Corp.’s McAfee Labs Threats Report for May.


Ransomware is malware which cybercriminals use to seize control of computers and phones when unwitting users click on an infected link or download a tainted document, locking them out of all access to their devices unless they make ransom payments.

The attack, which first took root in Russia last decade, has spread globally in the last four years. Victims typically face extortion demands of anywhere from $150 to $500 to regain access to the encrypted files.

Ransomware has evolved to where developers lease out variants of the malware to bad guys who use them to launch virtual extortion schemes.

A new ransomware family has emerged—CTB-Locker, the report said. It goes out via Internet relay chat, peer-to-peer networks, newsgroup postings, and email spam.

It ends up extensively localized to minimize suspicion from email recipients. And to circumvent security products, the downloader ends up tucked away in a .zip file that contains another .zip file and eventually unpacks to a screensaver file.
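The nested-archive packaging described above is something a mail gateway or sandbox can check for without executing anything. The following is an added example, not code from the report or from this article: it constructs an in-memory sample mimicking the pattern (a .zip holding another .zip that finally unpacks to a .scr screensaver executable) and walks the archive recursively, flagging executable members at any depth. The extension list and depth limit are assumptions chosen for the example.

```python
"""Recursive zip inspection for nested-archive droppers (added example)."""
import io
import posixpath
import zipfile

# Extensions Windows will execute when double-clicked; .scr (screensaver) is the
# one the report's CTB-Locker downloader hides behind. List is an assumption.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
MAX_DEPTH = 5  # refuse to descend into pathological zip-in-zip chains


def find_nested_executables(data: bytes, depth: int = 0, path: str = ""):
    """Return [(nesting_depth, member_path), ...] for executable members,
    descending into any member that is itself a zip archive."""
    hits = []
    if depth > MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return hits
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member = f"{path}/{info.filename}" if path else info.filename
            ext = posixpath.splitext(info.filename)[1].lower()
            if ext in EXECUTABLE_EXTENSIONS:
                hits.append((depth, member))
            inner = zf.read(info)  # directories yield b"" and are skipped below
            if zipfile.is_zipfile(io.BytesIO(inner)):
                hits.extend(find_nested_executables(inner, depth + 1, member))
    return hits


def build_sample() -> bytes:
    """Constructed sample: outer zip -> attachment.zip -> Rechnung/invoice.scr.
    The .scr body is placeholder bytes, not a real executable."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("Rechnung/invoice.scr", b"MZ" + b"\x00" * 64)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("attachment.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for depth, member in find_nested_executables(build_sample()):
        print(f"depth={depth} executable member: {member}")
```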

Moreover, there is an underground “affiliate” program to quickly flood the market with phishing campaigns, leading to CTB-Locker infections, the report said. As a result, Q1 saw a massive increase in the number of ransomware samples, mostly due to this new family.

In another part of the survey, researchers found Adobe Flash malware grew 317 percent in the first quarter.

Intel Security spotted 200,000 samples of Flash malware among its customer base of hundreds of millions of phone and computer users worldwide.

This malicious code takes advantage of out-of-date versions of the widely used Adobe software.

In addition, the survey found persistent and virtually undetectable attacks by the Equation Group that reprogram hard disk drives and solid state drive firmware.

In February, news broke about Equation Group, named for their affinity for complex encryption schemes.

The most alarming discovery is the Equation Group’s malware includes hard disk drive and solid state drive reprogramming modules. Once reprogrammed, a compromised system remains infected even if the hard drive ends up reformatted or the operating system reinstalled. Further, the reprogrammed firmware and associated malware are undetectable by security software. This marks the first time in a Threats Report that McAfee Labs has examined a firmware-based attack.
