In April 2016, a report by PhishMe revealed that 93% of all phishing emails analysed in March contained ransomware. The report also showed a huge surge in the number of phishing emails being sent: an increase of 789% in the first quarter of 2016 compared to the final quarter of 2015.
Ransomware also accounted for more than half of all phishing emails in March, which is a terrifying rise from 29% in February and just 15% in January. As an easy and effective form of scam, the use of ransomware is now more popular than ever – mainly because many people still don't recognise it, don't understand how to react and don't take steps to protect themselves.
With the rapid rise in the use of ransomware, new varieties are being discovered all the time. Over 124 separate variants have been discovered by Intel Security in the last 6 months alone! The two most common types are locker and crypto:
Locker Ransomware: denies access to the computer until the victim pays a fee, often by posing as law enforcement to spook users into paying. This type of ransomware normally only locks access to the interface, leaving the files and system untouched.
Crypto Ransomware: finds and encrypts valuable data stored on a computer or device, then demands that the victim pay a fee for a decryption key. Once it gains access to a device, it tries to remain hidden whilst searching for files to encrypt. This type of ransomware takes advantage of the fact that many people don't back up their important files.
According to reports by IDG Connect, 46% of IT decision makers say their organisation has been ‘significantly’ affected by malware, including ransomware and phishing.
The use of ransomware has been accompanied by an increase in soft target phishing: a cross between spear phishing and spam email, which targets people with a particular job within an organisation.
A common method involves sending an email containing a job application to people within an organisation, then relying on them forwarding it to the appropriate person. This is particularly effective because most people trust internally shared emails, and don't suspect them to contain malicious links.
Other common types of phishing emails include billing, shipping and invoice-related messages, as well as advanced and highly-targeted forms of phishing attacks, like whaling.
Whaling attacks are even harder to detect than phishing attacks, because they don't contain malicious hyperlinks or attachments. Instead, they rely on social-engineering to trick their targets: like US networking technology company, Ubiquiti, who were scammed out of $46 million in 2015.
Whaling is highly targeted. It uses information that is often freely available on company websites and social media to research particular victims within an organisation, who are targeted with emails from spoofed or similar-looking domain names. Emails that appear to be from the CEO or CFO, for example, can trick finance staff into making fraudulent wire transfers to the attackers.
As whaling attacks like these become increasingly successful and profitable for cyber-criminals, it becomes more important than ever for organisations to take steps to protect themselves.
The first step in defending against malware, ransomware and other email-based scams is to back up all your critical information. If you find yourself on the receiving end of a threatening extortion message, you'll know your data is safe and you won't have to pay any unnecessary ransom demands.
The next step is to educate your employees, because they are more likely than anyone to accidentally click on malicious links that could hold your entire organisation to ransom. The best way to raise their awareness is through specific training courses. At Softcat, we work with PGI who run a government accredited Cyber Security Awareness Course, which will teach your employees how to spot phishing emails and malicious attacks.
Despite the huge rise in ransomware, phishing and whaling, it's easy to start protecting your organisation and educating your employees to defend against these threats.
If you'd like to find out more about our cyber security solutions or to get started with a Cyber Essentials assessment, please speak to your Softcat account manager or register using the button below.
We would love to hear any comments you have about this article!