Ransomware is making a comeback according to a new report from McAfee which observed that ransomware samples grew by 118 percent during the first quarter of this year as cybercriminals adopted new tactics to evade detection.
The cybersecurity firm’s McAfee Labs Threats Report: August 2019 saw an average of 504 new threats per minute during Q1 alongside changes in ransomware campaign execution and code. Additionally over 2.2bn stolen account credentials were made available on the dark web over the course of the quarter and 68 percent of targeted attacks utilized spear-phishing for initial access while 77 percent relied on user actions to execute their campaigns.
McAfee fellow and chief scientist, Raj Samani stressed the fact that every cyberattack has a human cost, saying:
“The impact of these threats is very real. It’s important to recognize that the numbers, highlighting increases or decreases of certain types of attacks, only tell a fraction of the story. Every infection is another business dealing with outages, or a consumer facing major fraud. We must not forget for every cyberattack, there is a human cost.”
McAfee Advanced Threat Research (ATR) also observed innovations in how cybercriminals launch ransomware campaigns with shifts in initial access vectors, campaign management and technical innovations in their code.
In Q1 2019, ransomware attacks increasingly targeted exposed remote access points such as Remote Desktop Protocol (RDP). RDP credentials were either purchased on the dark web or cracked through brute-force attacks and they can be used to gain admin privileges to distribute and execute malware on corporate networks.
McAfee researchers also observed how the cybercriminals behind ransomware attacks began to use anonymous email services to manage their campaigns instead of the traditional approach of setting up command-and-control (C2) servers.
Dharma (also known as Crysis), GandCrab and Ryuk were the most active ransomware families during the first quarter of this year with other notable ransomware families including Anatova (which McAfee exposed before it spread) and Scarab.
Lead scientist and senior principal engineer at McAfee, Christiaan Beek provided further insight on ransomware’s resurgence, saying:
“After a periodic decrease in new families and developments at the end of 2018, the first quarter of 2019 was game on again for ransomware, with code innovations and a new, much more targeted approach. Paying ransoms supports cybercriminal businesses and perpetuates attacks. There are other options available to victims of ransomware. Decryption tools and campaign information are available through tools such as the No More Ransom project.”