The second quarter of 2017 brought ransomware to unprecedented levels with worldwide outbreaks that went almost out of control. In scenarios reminiscent of yesteryear’s worms, WannaCry created global panic as it used a critical vulnerability in the SMBv1 protocol to propagate like wildfire.
Within hours, hundreds of thousands of machines in over 150 countries were infected, and as investigations into the attacks went on, it was discovered that other threat actors had also been leveraging the leaked government-created exploits.
Ransomware continued to be the most distributed type of malware, topping 70% of all threats in June with the likes of Cerber, Troldesh, and Jaff. Interestingly, we witnessed other payloads delivered alongside ransomware, infecting users with Cerber, Kovter, Nymaim, and Boaxxe all at once.
In this report, we will provide a quick update on the ransomware that does not want to die off, namely Locky, and also review the latest outbreak with the rebranded Petya that wreaked havoc in the Ukraine and affected several multinational companies.
With all this ransomware buzz, we can’t forget about the “other threats” which, as a matter of fact, were also somewhat influenced by the aforementioned events. Malvertising was the major engine behind drive-by download attacks that leveraged various exploit kits, most notably RIG EK, Magnitude EK and Astrum EK.
We noted new and somewhat unexpected tech support scam campaigns, for instance ones using spam and fake Amazon notifications. Typically those come with malicious attachments, but in this instance they contained links that ultimately locked up the user’s browser and urged them to dial the so-called Microsoft technicians.
Finally, this report wouldn’t be complete without our usual Researcher Spotlight section, featuring Jean-Philippe ‘Tinfoil Hat’ Taggart.
Download full report here
Thanks for reading and safe surfing!
Are those Microsoft technicians STILL around? Do they think we will STILL fall for it? Geez Louise.
Been getting phone calls from “I-yogi Technical Service” who claim they are acting under the direction of the Federal Trade Commission. They have been ordered to issue refunds to customers who never received the services for which they paid. All you got to do is log onto a site and put your credit card number into the system and they will issue you a $250 refund… Yeah; Right…
Death penalty for all who hold computers hostage by #Ransomware
I get calls from “microsoft” about my computer and I just tell them I DON’T HAVE A COMPUTER. That is fun as they don’t know what to say, it is not in their playbook. 😉