The Revival of Ransomware: Webroot Reveals 2019's Nastiest Threats

Webroot finds ransomware, phishing and botnets to be some of the most vicious

News provided by

Webroot

Oct 29, 2019, 05:55 ET

BROOMFIELD, Colo., Oct. 29, 2019 /PRNewswire/ -- Webroot, a Carbonite (NASDAQ: CARB) company, released its third annual Nastiest Malware list, shedding light on 2019's worst cybersecurity threats. From ransomware strains and cryptomining campaigns that delivered the most attack payloads to phishing attacks that wreaked the most havoc, it's clear that cyber threats across the board are becoming more advanced and difficult to detect. Consumers and businesses alike need to become savvier and take cybersecurity education seriously in order to limit their risk.

BitPaymer
CrySIS-Dharma
Dridex
Emotet
GandCrab
HiddenBee
Retadup
Ryuk
Sodinokibi
TrickBot
BitPaymer CrySIS-Dharma Dridex Emotet GandCrab HiddenBee Retadup Ryuk Sodinokibi TrickBot

Dive into the Nastiest Malware of 2019: wbrt.io/nastiestmalware2019

Webroot's 2019 Nastiest Malware includes:

Ransomware – Ransomware continued to see success by evolving a more targeted model initially adopted in previous years. SMBs remain a prime target as they struggle with limited security budget and skills. Whether its phishing attacks targeting employees or brute forcing unsecured RDP, ransomware is as effective as ever, cementing its place on our list for another year. The nastiest include:

  1. Emotet - Trickbot – Ryuk ("Triple Threat") – One of the most successful chains of 2019 in terms of financial damages. These strains have shifted their focus to more reconnaissance-based operations. They assign a value to the targeted network post infection and then send the ransom for that amount after moving laterally and deploying the ransomware.
    1. Trickbot/Ryuk – The second stage payload for Emotet in the first half of 2019, Ryuk infections that are typically delivered by Trickbot result in the mass encryption of entire networks.
    2. Dridex/Bitpaymer – Dridex is now being used as an implant in the Bitpaymer ransomware infection chain and is also being delivered as a second stage payload off of Emotet.
  2. GandCrab – One the most successful instance of RaaS (ransomware-as-a-service) to date, the authors have boasted shared profits in excess of $2 billion.
  3. Sodinokibi - Sodin / REvil – This combination arose after the retirement of GandCrab. It's not uncommon for successful threat actors who receive a lot of attention to try to start new projects in an attempt remain successful.
  4. Crysis/Dharma – Back for its second year on the Nastiest Malware list, this ransomware was actively distributed in the first half of 2019. Almost all infections observed were distributed through RDP compromise.

Phishing – Email-based malware campaigns increased dramatically in complexity and believability in 2019. Phishing campaigns became more personalized and extortion emails claimed to have captured lude behavior using compromised passwords. The nastiest phishing attacks include:

  1. Company Impersonation – The biggest security concern at the office is often an employee, not a hacker in some remote location. The year 2019 continued to prove that failure to follow best practices – including reuse and sharing of passwords and familiarity with the top impersonated brands like Microsoft, Facebook, Apple, Google and PayPal – caused significant damage.
  2. Business Email Compromise (BEC) – In 2019 there was a rise of email address hijacking and deep fakes. Individuals who are responsible for sending payments or purchasing gift cards were targeted through spoof email accounts impersonating company executives or familiar parties. Victims were tricked into giving up wire transfers, credentials, gift cards and more.

Botnets – Botnets remained a dominant force in the infection attack chain. No other type of malware delivered more payloads of ransomware or cryptomining. The three nastiest include:

  1. Emotet – The most prevalent malware of 2018 continued its dominance in 2019. Despite a brief shutdown in June, Emotet resurfaced in September as the largest botnet delivering varying malicious payloads.
  2. Trickbot – Trickbot's modular infrastructure makes it a serious threat for any network it infects. Its combination with Ryuk ransomware is one of the more devastating targeted attacks of 2019.
  3. Dridex – Once considered one of the most prominent banking trojans, Dridex is now used as an implant in the infection chain with Bitpaymer ransomware.

Cryptomining & Cryptojacking – The explosive growth of cryptojacking sites in 2017-2018 is gone. Cryptomining will not die entirely, however, because it is low-risk, guaranteed money, while also less "malicious" and profitable than ransomware. The nastiest campaigns of 2019 include:

  1. Hidden Bee – An exploit delivering cryptomining payloads, Hidden Bee first started last year with IE exploits and has now evolved into payloads inside JPEG and PNG images through stenography and WAV media formats flash exploits.
  2. Retadup – A cryptomining worm with over 850,000 infections, Retadup was removed in August by Cybercrime Fighting Center (C3N) of the French National Gendarmerie after they took control of the malware's command and control server.

Key Quote:

Tyler Moffitt, Security Analyst, Webroot

"It comes as no surprise that we continue to see cybercriminals evolve their tactics. They may be using the same strains of malware, but they are making better use of the immense volume of stolen personal information available to craft more convincing targeted attacks. Consumers and organizations need to adopt a layered security approach and not underestimate the power of consistent security training as they work to improve their cyber resiliency and protection."

Additional Resources

About Webroot

Webroot, a Carbonite company, harnesses the cloud and artificial intelligence to protect businesses and individuals against cyber threats. We provide endpoint protection, network protection, and security awareness training solutions purpose built for managed service providers and small businesses. Webroot BrightCloud® Threat Intelligence Services are used by market leading companies like Cisco, F5 Networks, Citrix, Aruba, Palo Alto Networks, A10 Networks, and more. Leveraging the power of machine learning to protect millions of businesses and individuals, Webroot secures the connected world. Webroot operates globally across North America, Europe, Australia and Asia. Discover Smarter Cybersecurity® solutions at webroot.com.

Social Media: Twitter | LinkedIn YouTube | Facebook

About Carbonite

Carbonite provides a robust data protection platform for businesses, including backup, disaster recovery, high availability and workload migration technology. The Carbonite data protection platform supports businesses on a global scale with secure cloud infrastructure. To learn more, visit www.carbonite.com and follow us on Twitter at @Carbonite.

Carbonite, Inc. serves customers through three brands: Carbonite data protection, Webroot cybersecurity, and MailStore email archiving.

SOURCE Webroot

Related Links

http://www.webroot.com