The Proofpoint’s Quarterly Threat Summary for 2016 sates that if you have received spam emails with a file attachment over the past three months, it is almost certain that the file contains a Locky ransomware version.
According to an older report by Cisco, the spam numbers have hit record levels compared to the the early 2010s. The same report included all spam categories like dating, pharma, and pump-and-dump campaigns.
The team of Proofpoint concluded that the number of spam emails spreading malware-laced files reached all-time high numbers in Q3 2016.
Locky ransomware has been considered as the king among all malware families. The ransomware was registered in 96.8% of the malicious spam file attachments in total.
In most cases, it manifested as a ZIP file which contained a JavaScript file inside, however, cyber criminals also leveraged offices documents containing malicious macro scripts, WSF (Windows Script) and HTA (HTML executable) files.
The other infections in Top 5 most spammed malware are the Pony infostealer, the Vawtrack banking trojan, the Tordal (Hancitor) malware dropper, and the Panda Banker banking trojan. Apart from Locky ransomware, the other ransomware variants spread via spam campaigns in larger numbers are CryptFile2, MarsJoke, and Cerber.
In addition, the above-mentioned quarterly report of Proofpoint points out the continuous evolution of banking trojans, who, even if were spread in far fewer numbers than in 2015, continued to be a constant threat due to their anti-detection features capable of avoiding security software.
The positive fact in Q3 2016 is that the exploit kit activity has gone down 65% compared to Q2 and 93% relative to the start of this year. Most probably, the downfall is due to the shutdown of the Angler and Nuclear exploit kits during the spring, as well as to the Neutrino exploit kit entering a so-called “private mode”.
