According to a report issued by Intel Security Group's McAfee Labs, ransomware has experienced a 165% increase in the first quarter of 2015. McAfee Labs Threats Report: May 2015 reveals that this increase has been fueled in part by the impression of underground criminals that victims in rich countries seem to be the most willing to make ransom payments. This knowledge, in turn, has led to the development of well-crafted phishing messages as delivery mechanisms for the malware.
"The phishing email topics that lead to infestation by ransomware are very specific," McAfee Labs explains. "The email template and attachment names appear not only in the local language but also pretend to be coming from real companies in the targeted countries."
Ransomware, some variants of which demand between $150 and $500 for victims to retrieve their encrypted files, has seen an increase despite an international law enforcement effort last year that took down the Gameover ZeuS botnet, which was responsible for helping to spread the CryptoLocker ransomware.
Since June 2014, 'Curve-Tor-Bitcoin' (CTB) Locker has taken the place of CryptoLocker as one of the most prolific types of ransomware in the wild today. Other families, including CryptoWall, TorrentLocker, BandarChor, and a new form called Teslacrypt, have also contributed to this spike. In addition to analyzing the increase in ransomware, McAfee's report studies the "Equation Group" threat actor, particularly its use of hard disk drive and solid state drive reprogramming modules to keep a machine's firmware infected even if the hard drive is reformatted or the operating system is reinstalled. McAfee Labs also identified 42 new vulnerabilities in Adobe Flash that attackers have leveraged to exploit users who were slow to patch their systems.
“With the popularity of a product like Flash, there comes a tremendous responsibility to proactively identify and mitigate security issues potentially threatening millions of users,” said Vincent Weafer, senior vice president, McAfee Labs. “This research nicely illustrates how the tech industry works together constructively to gain an advantage in the realm of cybersecurity – industry partners sharing threat intelligence, and technology providers acting on information quickly to help prevent potential issues.”To learn more about ransomware, including how you can protect yourself and your computer against this type of malware, please click here. To read McAfee's report in full, click here.
