A resurgence in ransomware is being driven by a surge of new malware families that are often far more targeted, according to cybersecurity firm McAfee.
In its latest threat report, the US firm said it had observed a 118% increase in new ransomware strains in the first quarter of 2019 compared to the last quarter of 2018.
This data corresponds with an increasing number of ransomware attacks making headlines, particularly US governments and cities, such as the Texas ransomware attack.
Indeed, McAfee found that attackers were focusing on governments and administrations. This was followed by companies in the financial, chemical, defence and education sectors.
The new spate of ransomware attacks is a shift away from ‘spray and pray’ ransomware tactics, such as the WannaCry ransomware that reaped havoc around the world in 2017 when ransomware attacks were at their peak.
With more targeted attacks, criminals can manually determine the price a business will have to pay to unlock their files, basing their amount on the likelihood of a business paying.
In such targeted attacks, spear phishing – sending malicious emails from an apparently trusted person – was used to gain initial access 68% of the time.
Attackers are also increasingly using anonymous email services to manage ransomware campaigns. Traditionally, they tend to set up command-and-control servers, which can be easier for cybersecurity professionals to trace.
The most common families of ransomware during this period are Dharma (also known as Crysis), GrandCrab and Ryuk.
“After a periodic decrease in new families and developments at the end of 2018, the first quarter of 2019 was game on again for ransomware, with code innovations and a new, much more targeted approach” said Christiaan Beek, McAfee lead scientist and senior principal engineer.
“Paying ransoms supports cybercriminal businesses and perpetuates attacks. There are other options available to victims of ransomware. Decryption tools and campaign information are available through tools such as the No More Ransom Project.”
Ransomware resurgence: “For every cyberattack, there is a human cost”
Cybercriminals appeared to have turned to the then more profitable cryptojacking, in which attackers hijack the computing power of a victim to mine for cryptocurrency. But as the price of cyryptocurrencies fell, such attacks became less profitable, causing cybercriminals to turn back to other forms of revenue, including ransomware attacks.
However, McAfee found that criminals are turning to different attack approaches when it comes to coin mining malware, such as the CookieMiner malware targeting Apple users. Overall, new coin mining malware has increased by 29%.
Elsewhere, McAfee also found an average of 504 new threats per minute in the first quarter of 2019.
It also noted that more than 2.2 billion stolen account credentials were made available on the cybercriminal underground during the same period.
McAfee’s findings are based on data gathered from its Global Threat Intelligence cloud, which consists of over a billion sensors scanning for various types of cyber threats around the world.
The full report, McAfee Labs Threat Reports: August 2019, can be found here.
“The impact of these threats is very real,” said Raj Samani, McAfee fellow and chief scientist. “It’s important to recognise that the numbers, highlighting increases or decreases of certain types of attacks, only tell a fraction of the story.
“Every infection is another business dealing with outages, or a consumer-facing major fraud. We must not forget for every cyberattack, there is a human cost.”