Ransomware Overtook Banking Trojans in H1 2019 Email Malware Campaigns


On July 24, Louisiana Governor John Bel Edwards after a ransomware attack affected several local government agencies. Those victimized organizations included school systems in Sabine, Morehouse and Ouachita. In response, Edwards said the state would begin working with digital security experts at the Louisiana National Guard, Louisiana State Police, the Office of Technology Services and other entities to help the affected organizations recover and prevent additional data loss.

The attack described above is just the latest in a string of campaigns that have contributed to a rise in ransomware’s prevalence this year. Indeed, the observed a 195 percent increase in business detections of ransomware from Q4 2018 to Q1 2019. Similarly, documented a 105 percent rise in the number of ransomware attack notifications it received between the first quarter of 2018 and one year later. These attacks evolved over that course of time, Beazley found, in that they began targeting larger organizations and demanding higher ransom amounts.

These trends beg the question: how has ransomware stacked up against other digital threats thus far in 2019? Specifically, how has it fared against banking trojans, threats which according to dominated the threat landscape in 2018?

AppRiver examined these and other questions in its . In the report, AppRiver analysts say the company’s Advance Email Security filters had quarantined more than 124 million emails with malware attached throughout the first six months of 2019. These emails, which put AppRiver on a track similar to the total number of malicious emails it saw the previous year, indicated a shift from banking trojans to ransomware infections. Many of these attempted ransomware attacks occurred within the context of chained malware infections, campaigns which used a dropper to execute a ransomware binary as a second-stage payload.

Not surprisingly, a few of these ransomware attacks in the first half of 2019 made headlines. Presented below are five such infections that stood out to AppRiver:

  • Baltimore, MD: On May 7, digital attackers seized approximately 10,000 computers owned by the City of Baltimore and demanded $100,000 worth of bitcoin in exchange for the decryption keys, as reported by . This attack involved a sample of the RobbinHood ransomware family.
  • Greenville, NC: Officials confirmed that the City of Greenville had suffered a ransomware attack on April 10. A member of the police department first spotted the infection and notified IT personnel, who pulled the city’s servers offline. This decision didn’t affect the city’s emergency services, as reported by .
  • Lake City, FL: On June 10, Lake City revealed on that it had suffered a “triple threat” attack against its computer network. This campaign delivered Emotet before distributing Trickbot as a secondary payload. This banking trojan then deployed Ryuk ransomware which disrupted the city’s email and phone systems. Ultimately, Lake City met the attackers’ demands by paying out nearly $500,000 in ransom, per .
  • Riviera Beach, FL: Riviera Beach suffered a ransomware attack in May when digital attackers used a phishing email to upload malware onto the city’s systems. This ransomware disrupted Riviera Beach’s email system and prevented 911 dispatchers from entering calls into the computer. In response to this attack, city officials authorized the payment of $600,000 to the attackers, reported .

These attacks, when coupled with AppRiver’s findings, underscore the importance of organizations taking steps to prevent a ransomware infection. To succeed in this regard, they should use an advanced email threat protection solution such as Protect to analyze multiple characteristics of incoming email in real time, all while allowing legitimate emails to find their way to their intended destinations.
