Joerg Habermeier - stock.adobe.c

Phishing back in vogue as ransomware vector

Researchers have observed an increase in phishing as a means to deliver ransomware payloads – and organisations don’t appear to be prepared

Cyber criminals appear to be returning to phishing as a means of spreading ransomware into target organisations, reversing a recent trend towards using malicious downloaders as a first-stage payload delivery mechanism. This heralds the possibility of a return to the large-scale ransomware attacks seen a couple of years ago.

That is according to threat researchers at Proofpoint, who have seen an uptick in phishing-related ransomware lures targeting mainly France, Germany, Greece, Italy and the US, with daily volumes ranging from one to as many as 350,000 messages in each campaign, many exploiting the Covid-19 coronavirus pandemic.

The uptick includes a number of ransomware families, which include: Avaddon, a relatively new ransomware-as-a-service product that has mainly targeted education, entertainment, manufacturing, media and transport in the US; Buran, named after the failed Russian space shuttle project of the 1980s; Darkgate; Philadelphia, an old “favourite” from 2017 that is now targeting German organisations posing as an official Covid-19 communication from the government; Mr Robot, which is also using Covid-19 to go after US organisations; and Ranion.

Proofpoint’s Sherrod De Grippo said the re-emergence of ransomware as an initial payload was frankly unexpected, and even though the volume of emails observed was still fairly small, it was still a noteworthy tactical change.

De Grippo said the full significance of the shift was not yet clear, but it was a timely reminder to expect the unexpected.

Meanwhile, a new study from data recovery service provider Ontrack has revealed that 39% of organisations either have no ransomware contingency plan in place, or do not know if one exists.

Out of almost 500 organisations that responded to its survey, 21% said they had experienced a ransomware attack, and of those, 26% admitted they had been unable to recover any working backups.

“The threat of ransomware has never been greater,” said Ontrack president Philip Bridge. “The fact that only 39% of respondents to our survey have an emergency plan in place for a ransomware attack is shocking. They are gambling with their and their customers’ data. It is imperative, now as ever, to ensure your organisation has processes and procedures in place to mitigate the impact of any cyber attack and protect sensitive data.”

Read more about ransomware

A second study released this week by training specialist KnowBe4 – which set out to explore and establish the most pressing concerns of security professionals – found that 71% of organisations are concerned about ransomware to some degree.

Of this total, 5% said the threat of being held to ransom by cyber criminals kept them awake at night, 14% said they were very concerned, but the vast majority, 52%, said they were only somewhat concerned about the problem.

“When it comes to cyber security, it can often feel like a game of moving one step forward only to find that you have moved two steps back,” said Javvad Malik, security awareness advocate at KnowBe4. “Cyber criminals are relentless in their efforts, adapting and altering their strategies for maximum personal gain.

“This report clearly demonstrates the many causes of concern, but, more importantly, it’s a reminder that no organisation can afford to fall complacent, whether in implementing security policies or building a security culture.”

Read more on Hackers and cybercrime prevention