Report: Second quarter dominated by ransomware outbreaks

The second quarter of 2017 brought ransomware to unprecedented levels with worldwide outbreaks that went almost out of control. In scenarios reminiscent of yesteryears worms, WannaCry created global panic as it used a critical vulnerability in the SMBv1 protocol to propagate like wildfire.

Within hours, hundreds of thousands of machines in over 150 countries were infected and as investigations into the attacks went on, it was discovered that other threat actors had also been leveraging the leaked government-created exploits.

Ransomware continued to be the most distributed type of malware, topping 70% of all threats in June with the likes of Cerber, Troldesh, and Jaff. Interestingly, we witnessed other payloads delivered alongside ransomware, infecting users with Cerber, Kovter, Nymain, and Boaxxee all at once.

In this report, we will provide a quick update on the ransomware that does not want to die off, namely Locky and also review the latest outbreak with the rebranded Petya that wreaked havoc in the Ukraine and affected several multinational companies.

With all this ransomware buzz, we can’t forget about the “other threats” which, as a matter of fact, were also somewhat influenced by the aforementioned events. Malvertising was the major engine behind drive-by download attacks that leveraged various exploit kits, most notably RIG EK, Magnitude EK and Astrum EK.

We noted new and somewhat unexpected tech support scam campaigns, with for instance the use of spam and fake Amazon notifications. Typically those come with malicious attachments but in this instance, they contained links that ultimately locked up the user’s browser and urged to dial the so-called Microsoft technicians.

Finally, this report wouldn’t be complete without our usual Researcher Spotlight section, featuring Jean-Philippe ‘Tinfoil Hat’ Taggart.