93 percent of phishing e-mails were carrying ransomware by the end on March
This figure is according to a report released today by PhishMe. This figure has risen from a less than 10 percent-per-month rise during last year, until a spike of 56 percent in December. And the total for phishing e-mails reached 6.3 million in the first quarter of this year – a 789 percent rise on the same period for 2015.
The rapid upsurge is because ransomware is easier to deliver now and has a quicker return than other cyber-attacks. Stealing credit card data is more of involved as the details have to be sold before the card is canceled. ID theft is even more drawn-out. With ransomware, once distributed, the criminal only has to wait for the money to start to arrive; there is no need to hunt and select data to monetize.
Ransomware attracts new operators
Also, victims who are going to pay tend to pay quickly to avoid rising demands, or down-time for businesses. “If you look at the price point of paying the ransom, it is rarely more than 1 or 2 Bitcoin, that’s $400 to $800, maybe $1,000 depending on the exchange rate,” said Brendan Griffin, Threat Intelligence Manager at PhishMe, “That’s a relatively low price point for a small to medium business. The amount is low enough that it’s often easier to victims to pay up rather than struggle to recover the data by other means. And the new, easy-to-use ransomware tools and services are not just attracting criminals who would previously run other kinds of scams, but also bringing new players into the business,” he said.
Market shares vary
Some ransomware is seeing growth – Locky for example. Other previously successful variants have declined in their attacks. Cryptowall accounted for 90 percent of attacks last October/November though seems to have given its market share to Locky which took nearly 75 percent of the market in March.
Soft targeted phish
Along with the rise in phishing mail delivery, ransomware distribution has started using a method that has become known as “soft targeted” phishing. It combines the business compromise e-mail (BCE) method using spearphishing (targeting one executive), and the general-purpose spam that goes to everyone. Soft targeted e-mail attacks go to a specific department and may be name/greeting-specific (staff names and roles can often be found on company website, along with contact details). “This has been a creeping trend for a while now,” said Griffin.
An example of this is the case in March of Petya ransomware, delivered to H.R departments in the convincing form of a job application profile. If this method is used and reaches another department, the recipient will either ignore it, or forward it. Other posts can also be targeted, “For example, our vice president of finance received a message that said it was an important message for the vice president of finance, and had his name in the first line,” said Griffin. Other types of soft targeting include shipping, billing and invoices.
Griffin thinks that as soft targeting increases, phishing will become even more successful, introducing even more ransomware to the business world.