Locky Ransomware Ranks #1 on the Malware Threat List

Security firm Proofpoint reports that the Locky ransomware was the #1 malware threat in the second quarter of 2016.

This statistic should not come as a surprise, considering that Locky was developed and spread by one of the most infamous cybergangs. The same gang is responsible for creating the Dridex banking Trojan, also one of the most popular pieces of malware.

To understand how Locky ransomware reached first place on the malware threat list, you need to follow its steps from the start. It first appeared at the start of this year, and its numbers have been growing slowly but surely ever since. Now, according to analysts, Locky is responsible for 69% of all malware spam attacks.

Locky's basic distribution method was spam messages including ZIP files containing malicious JavaScript files or Office files containing macro scripts. The ransomware also used exploit kits for its propagation but, as Proofpoint states, spam emails reached record-worthy numbers during Q1 and Q2. At some point, the security vendor was detecting hundreds of millions of spam messages per day.

In June, one of the main Locky distributors, the Necurs botnet, closed down for three weeks, which led to a significant decrease in spam numbers. Almost at the same time, the Angler exploit kit also shut down, and one month earlier, so did the Nuclear exploit kit. These three shutdowns made Q2 a lot calmer than Q1 when it comes to malware distribution, despite the fact that Necurs returned at the end of June.

Proofpoint states that, before shutting down, Necurs helped Locky take first place on the threat list from the Dridex banking Trojan, which was, until then, considered the most popular spam malware. The company also adds that, according to its data, CryptXXX is still mostly spread via exploit kits.

During Q2, the number of malicious JavaScript files attached to spam messages increased by 230%. This distribution method is now extremely popular among many ransomware families, but it was Dridex and Locky that brought it onto the cybercrime stage.

When it comes to the Angler and Nuclear exploit kits, they turned out to be a lot more of a threat than researchers thought. Statistics show that after they shut down, traffic to exploit kits went down 96% worldwide.

However, Proofpoint has recently discovered a growing trend of exploit kits targeting mobile devices. It warns that in Q2 alone more than 10 million Android devices were infected.

Even though devices running the iOS operating system outnumber those running Android, and crooks should logically be more interested in them, the numbers clearly show that they are not. Android malware accounted for 98% of all mobile malware attacks.
