Massive 508% Surge in Ransomware Since Q1 2018 For Enterprise

(Howard) #1

MalwareBytes released a report today which was kind of mind-blowing. Ransomware had been trending downwards in 2018 and consumer cryptomining edging upwards; however, MalwareBytes' new figures for Q1 2019 show a substantial flip.

"Out of all malware families impacting commercial entities, ransomware has seen a huge comeback with increases of 189% since Q4 2018 and a massive 508% uptick since Q1 2018, while on the consumer side ransomware was “knocked out of the top 10 from its previous steady ranking for several years running.”"

Highlights of the report:

  • Emotet continues to target enterprises. Detections of Trojans (Emotet’s parent category) on business endpoints increased more than 200 percent since Q4 2018, and almost 650 percent from the same time last year.

  • Ransomware has gained rapid momentum, with an increase of 195 percent in business detections from Q4 2018 to Q1 2019. Compared to the same time last year, business detections of ransomware have seen an uptick of over 500 percent, due in large part to a massive attack by the “Troldesh” ransomware against US organizations in early Q1. {Note} Troldesh aka Shade dates back to 2014 and seems to be of Russian origin because the ransom notes were written in both Russian and English.{/Note}
  • Cryptomining against consumers is essentially extinct. Marked by the popular drive-by mining company CoinHive shutting down operations in March, consumer cryptomining has significantly decreased both from the previous quarter and the previous year.
  • Mobile and Mac devices are increasingly targeted by adware. While Mac malware saw a more than 60 percent increase from Q4 2018 to Q1 2019, adware was particularly pervasive, growing over 200 percent from the previous quarter.
  • The US leads in global threat detections at 47 percent, followed by Indonesia with nine percent and Brazil with eight percent.

Additional information can be found in their recent blog and full reports.
Cybercrime Tactics and Techniques (CTNT) Report.

The report seems to resonate with the FBI’s recent Internet Crime Complaint Center (IC3) annual Internet Crime Reports 2013-18.

Note: Losses and events in the FBI cybercrime reports are under-reported simply because victims fail to report or, when they do report, the FBI calculations don’t include all losses, i.e. losses from remediation, lost business time, equipment and other damages.