Ransomware is trendy again, according to a new repot from McAfee which says that new ransomware samples increased by 118 per cent in the first quarter of 2019. It also states that it had observed “shifts” in initial access vectors, campaign management and “technical innovations in the code”.
Looking at the targets, McAfee says ransomware attacks increasingly targeted exposed remote access points, such as Remote Desktop Protocol (RDP). These can be brute-forced or bought on the dark web. With RDP credentials, hackers get admin access, which makes it that much easier to spread and execute malware.
Most active ransomware families are Dharma (aka Crysis), GandCrab (Yes, the deceased one. This zombie is still terrorising businesses everywhere) and Ryuk.
“After a periodic decrease in new families and developments at the end of 2018, the first quarter of 2019 was game on again for ransomware, with code innovations and a new, much more targeted approach” said Christiaan Beek, McAfee lead scientist and senior principal engineer.
“Paying ransoms supports cybercriminal businesses and perpetuates attacks. There are other options available to victims of ransomware. Decryption tools and campaign information are available through tools such as the No More Ransom project.”
Another popular type of cyberattack which includes cryptocurrency in one way or another is cryptojacking, where computers are “hijacked” to mine cryptocurrency for the attackers.
Coin mining malware is up 29 per cent for the quarter, McAfee says, adding that it also spotted CookieMiner – malware targeting Apple users and going after their wallet credentials.