Ransomware was most popular cyber crime tool in 2017
Detections of ransomware increased by more than 90% last year compared with 2016
Ransomware attacks on business increased by 90% in 2017, while attacks on consumers leapt by 93%, according to the latest annual state of malware report by security firm Malwarebytes.
The monthly rate of ransomware attacks was up to 10 times more than in 2016, with September 2017 having the largest volume of ransomware attacks against businesses ever documented.
In the UK, ransomware attacks peaked in May 2017. Overall attacks have increased at an unprecedented pace, with UK businesses and consumers more likely to encounter ransomware attacks than their US counterparts, the report said. Ransomware in the UK accelerating at a pace almost double that in the US.
Between July and September 2017, there was a 700% rise in ransomware, according to Malwarebytes’ telemetry data, with GlobeImposter and WannaCry making up most of that statistic. GlobeImposter increased by 341% from July to August 2017, and WannaCry surged by 375% from August to September 2017.
However, Malwarebytes reported a drop in ransomware detections towards the end of the year, when there was a shift back to banking Trojans, spyware and adware, and a move to cryptocurrency miners.
After ransomware, business was targeted mainly by hijacking malware, adware and riskware tools, and the second half of the year saw a 102% average increase in banking Trojan detections.
“With ransomware slowly going out of favour, criminals pivoted to banking Trojans, spyware and hijackers in 2017 to attack companies instead,” the report said. “These types of malware are used to steal data, login credentials, contact lists, credit card data, distribute more malware and spy on a victim for information about the business or how to dig deeper into the network.”
Hijacker malware rose by nearly 40% year on year, making it the most common threat detected against businesses in 2017, with the highest growth rate of 134% in the UK.
Hijacker malware interacts and modifies victim browser operations to push advertisements, redirecting the browser to third-party search engines or shopping sites. Depending on the family of hijacker, it may also install additional malware or steal personal information.
Read more about ransomware
- Business warned of massive ransomware campaign.
- How does the Locky ransomware file type affect enterprise protection?
- Focus: how to avoid being hit by ransomware.
- Large UK firms are prepared to pay out more than £136,000 on average to cyber criminals who launch ransomware attacks.
As regards their business impact, hijackers mainly cause work downtime, but they can also lead to additional infection or worse, and businesses should keep an eye out for this type of malware.
Alongside a sudden cryptocurrency craze, bad actors have started using cryptomining tools for their own profit, using victims’ personal computers in the process, the report said. This includes a significant increase of miners through compromised websites, malicious spam, exploit kit drops and adware bundlers.
The volume of adware increased by 132% year on year, making up 40% of consumer threat detections, up from less than 20% in 2016. Adware is Malwarebytes second most detected threat, despite fewer adware families in the mix. Most of the work is being done by a handful of active adware developers for Windows, macOS and Android, the report said.
“The past year has certainly thrown us a few curveballs, with massive ransomware attacks, changes in malware distribution and a significant increase in cryptocurrency miners,” said Malwarebytes CEO Marcin Kleczynski.
“With 2018 just getting started, these findings can help pave the way for increased awareness, C-level participation and enhanced technologies to better protect both consumers and businesses.”
The cyber crime industry is going through a growth spurt, the report said, with many actors consolidating their efforts to create more dangerous threats.
“However, along with the continued evolution of malware, more and more users are learning how to protect themselves by using software, reading articles and reports, and deploying common security tactics on every system they use,” the report said.
“Criminals are unable to profit from their efforts without victims. If we can reduce how many possible victims there are through knowledge and software development, then 2018 might just turn out all right.”